Let’s reconsider about collecting logs. Plus, visiting elastic@Mountain View!
Shin Tanimoto
Acroquest Technology Co., LTD.
Copyright © Acroquest Technology Co., Ltd. All rights reserved.

Who am I?
• 谷本 心 (Shin Tanimoto)
- Acroquest Technology Co., LTD. (Sales partner of elastic)
- Java Troubleshooter
- Board member of JJUG (Japan Java User Group)
- Twitter : @cero_t
- Facebook : shin.tainmoto

Quiz🙋
What is the origin of the word “log”?

1. In ancient Greece, people recorded the “date” using branches of a tree.
2. In medieval Europe, people measured the “speed” of a ship with a log (round wood).
3. In the early 20th century United States, engineers used a logarithm table for the “usage history” of computers.

1. Ancient Greek people’s “date” record.
2. Medieval European sailors’ “speed” record.
3. American engineers’ “usage” record.

Answer: 2. Medieval European sailors’ “speed” record.

Common sense: Log is important

True common sense: Watching log is painful!

Then log should be watched and processed by machine (ordinary)

#1 Ordinary Log Processing

ELK stack
[Diagram labels: send logs, search]

Access counts (upper) / response time (lower)
[Chart annotations: 10/sec, 100/sec; 30sec, 20sec, 10sec]

Huge performance issue
[Chart annotations: 3000sec, 2000sec, 1000sec]

Slow query log of MySQL
same shape! same scale!
[Chart annotations: 2000sec, 1000sec]

But where do these shapes come from?
1. Lock tables?
2. Up to maximum size of connection pool?
3. CPU bottleneck?
4. Disk I/O bottleneck?

Confirm the stored procedure in detail
1. Found an insert into “temporary table” query executed 100,000 times
 – (even in the search function … )
 – causing high CPU and Disk I/O usage
2. Optimized the stored procedure by removing wasteful processing
 – Only a drop in the bucket 😩
3. Modified the create temporary table statement in the stored procedure to create that temporary table “on memory”
 – with memory tunings ( tmp_table_size etc. )
 – resulted in …

Performance issue was resolved!
[Chart annotations: 500sec, 100sec; “Never mind, some heavy batch”]

Disk I/O improved!!!
[Chart: Disk I/O on MySQL server, before ← → after]

I/O wait had gone!
[Chart: CPU usage on MySQL server, before ← → after]

#2 Reconsider Log Processing

Watching logs to detect errors is a responsibility of developers, isn’t it?

Watching logs is important but painful

Let’s think about a painless log processing system

Logs can be used in various ways
Visualizing - as chart
Watching - and notifying by e-mail
Viewing - by human’s eyes
Keeping - backup just in case

Logs can be used for various purposes
Visualizing - To find “unknown” issues
Watching - To find “known” issues
Viewing - To find the cause of issues
Keeping - To use as necessary

Log retention periods also vary
Visualizing - last 2 or 4 weeks
Watching - last 24 hours
Viewing - last 2 or 4 weeks
Keeping - entire period

Tools for processing logs are different
Visualizing - Elasticsearch
Watching - Zabbix or some custom batch
Viewing - Text editor
Keeping - File server

Log is not necessarily files.

Log can be regarded as events.

Log Streaming Hub
[Diagram components: Application (×2), Agent (×2), Streaming Hub, Viewer, Watcher, Visualizer, Storage]
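
An added example, not from the original slides, of the streaming hub above: agents publish each log event once, and the hub fans it out to consumers that each keep their own retention window (Watching: last 24 hours, Visualizing: 4 weeks, Keeping: entire period). The class names, the watch patterns and the sample events are assumptions constructed for illustration.

```python
from collections import deque
from datetime import datetime, timedelta

class Consumer:
    """Hub subscriber that keeps events only for its own retention window."""
    def __init__(self, name, retention=None, on_event=None):
        self.name, self.retention, self.on_event = name, retention, on_event
        self.events = deque()

    def receive(self, event):
        self.events.append(event)
        if self.retention is not None:
            # Expire relative to the newest event; assumes in-order arrival.
            cutoff = event["ts"] - self.retention
            while self.events and self.events[0]["ts"] < cutoff:
                self.events.popleft()
        if self.on_event:
            self.on_event(event)

class StreamingHub:
    """Agents publish each event once; the hub fans it out to all consumers."""
    def __init__(self):
        self.consumers = []

    def subscribe(self, consumer):
        self.consumers.append(consumer)
        return consumer

    def publish(self, event):
        for consumer in self.consumers:
            consumer.receive(event)

KNOWN_ISSUES = ("slow query", "connection pool")  # hypothetical watch patterns

def run_demo():
    alerts = []
    def watch(event):  # Watching: notify on "known" issues only
        if any(p in event["msg"] for p in KNOWN_ISSUES):
            alerts.append(event["msg"])
    hub = StreamingHub()
    watcher = hub.subscribe(Consumer("watcher", timedelta(hours=24), watch))
    visualizer = hub.subscribe(Consumer("visualizer", timedelta(weeks=4)))
    storage = hub.subscribe(Consumer("storage"))  # Keeping: entire period
    start = datetime(2015, 11, 1)
    # Constructed sample events (day offset, message), as an agent would send.
    samples = [(0, "GET /search 200 120ms"), (5, "slow query: 2000sec"),
               (27, "GET /search 200 95ms"), (30, "connection pool exhausted")]
    for day, msg in samples:
        hub.publish({"ts": start + timedelta(days=day), "msg": msg})
    return alerts, len(watcher.events), len(visualizer.events), len(storage.events)

if __name__ == "__main__":
    print(run_demo())
```

After the four sample events, the watcher holds only the newest event, the visualizer holds the last three, and storage holds all four, while the watcher has raised an alert for each message matching a known pattern.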

Ordinary case
[Diagram components: Application (×2), fluentd (×2), Text Editor, Zabbix, Elasticsearch + Kibana, NAS]

Using fluentd
[Diagram components: Application (×2), fluentd (×3), Zabbix, Elasticsearch + Kibana, Text Editor, NAS]

Using Redis?
[Diagram components: Application (×2), Logstash (×2), Redis, Zabbix, Elasticsearch + Kibana, Text Editor, NAS]

An example on AWS
[Diagram components: Application (×2), Kinesis Agent (×2), Kinesis, Cloudwatch Logs, Elasticsearch + Kibana, S3, Lambda]

An example on AWS
[Diagram components: Application (×2), awslogs (×2), Cloudwatch Logs, Elasticsearch + Kibana, S3, Lambda]

An example on AWS
[Diagram components: Application (×2), logstash (×2), S3, Elasticsearch + Kibana, Cloudwatch Logs, Lambda]

Anyway…
[Diagram components: Application (×2), Agent (×2), Streaming Hub, Viewer, Watcher, Visualizer, Storage]

It’s an easy idea to accept, isn’t it?

By the way

I visited elastic@Mountain View!!

Photos are on the blog: http://acro-engineer.hatenablog.com/entry/2015/11/08/150942

#3 elastic stack .Next

Elasticsearch
- Task management API
- Reindex API
https://www.elastic.co/elasticon/2015/sf/whats-next-for-elasticsearch-2x-and-beyond
Logstash
- Clustering
- Persistent
https://www.elastic.co/guide/en/logstash-roadmap/current/index.html

Kibana
- Custom Apps / plugins
https://www.elastic.co/elasticon/2015/sf/whats-cookin-in-kibana-4
Beats
- Packetbeat
- Filebeat
- Topbeat
https://www.elastic.co/products/beats

Commercial plugin
- Cross-stack monitoring / management
- Cross-stack security
- PDF reporting
- Orchestration / Automation

Using elastic stack .Next

Using next ELK stack + AWS
[Diagram components: Application (×2), Filebeat (×2), Topbeat (×2), Logstash, Elasticsearch + Kibana, S3, Cloudwatch Logs]

That made me feel I need to look into the Beats series.

Enjoy processing logs using ELK!