SLIDE 1 Eduardo Silva eduardo@treasuredata.com @edsiper
Unifying Events & Logs into the Cloud
August 17, 2015 CloudOpen/LinuxCon, Seattle
SLIDE 2 About Me
Eduardo Silva
- Github & Twitter @edsiper
- Personal Blog http://edsiper.linuxchile.cl
Treasure Data
- Open Source Engineer
- Fluentd / Fluent Bit http://github.com/fmuent
Projects
- Monkey HTTP Server http://monkey-project.com
- Duda I/O http://duda.io
SLIDE 3
Logging
SLIDE 4 Logging Matters
Pros
- Application status
- Debugging
- General information about anomalies: errors
- Troubleshooting / Support
- Local or Remote (network)
SLIDE 5 Logging Matters
From a business point of view
Analytics →
- User interaction / behaviors
- Improvements
SLIDE 6
Assumptions
SLIDE 7 Logging Matters
Assumptions
- I have enough disk space
- I/O operations will not block
- Log messages are human readable
- My logging mechanism scale
SLIDE 8
Logging Matters
Assumptions Basically, yeah.. it should work.
SLIDE 9
Concerns
SLIDE 10 Logging Matters
Concerns
- Logs increase = data increase
- Message format get more complex
- Did the Kernel fmush the bufgers ? (sync(2))
- Multi-thread application ?, locking ?
- Multiple Applications = Multiple Logs
SLIDE 11 Logging Matters
Concerns
If Multiple Applications = Multiple logs Multiple Hosts x Multiple Applications = ???
SLIDE 12 OK, so:
- 1. Logging matters
- 2. It's really benefjcial
- 3. but...
SLIDE 13
It needs to be done right.
SLIDE 14 Logging
Common sources & inputs
- Application Logs
- Apache
- NginX
- Syslog (-ng)
- Custom applications / Languages
- C, Ruby, Python, PHP, Perl, NodeJS, Java, etc.
SLIDE 15
In a galaxy not so far away...
SLIDE 16
SLIDE 17 How to parse/store multiple data sources ?
note: performance matters!
SLIDE 18
SLIDE 19 Fluentd is an open source data collector
It let's you unify the data collection for a better use and understanding of data.
SLIDE 20
before
SLIDE 21
after
SLIDE 22 Fluentd
Highlights
- High Performance
- Built-in Reliability
- Structured Logs
- Pluggable Architecture
- More than 300 plugins! (input/fjltering/output)
SLIDE 23
Fluentd
Architecture
SLIDE 24
Fluentd
Internals simplifjed
SLIDE 25
Fluentd
Input plugins
SLIDE 26
Fluentd
Output plugins
SLIDE 27
Fluentd
Buffer plugins
SLIDE 28
Fluentd
Buffer plugins
SLIDE 29
SLIDE 30
M x N M + N →
SLIDE 31
Fluentd
Simple Forwarding
SLIDE 32 Fluentd
Simple Forwarding: confjguration
# logs from a fjle # store logs to MongoDB <source> <match backend.*> type tail type mongo path /var/log/httpd.log database fmuent format apache2 collection test tag backend.apache </match> </source> # logs from client libraries <source> type forward port 24224 </source>
SLIDE 33
Fluentd
Less Simple Forwarding
SLIDE 34
Fluentd
Lambda Architecture
SLIDE 35 Fluentd
# logs from a fjle # store logs to MongoDB <source> <match *.*> type tail type copy path /var/log/httpd.log <store> format apache2 type elasticsearch tag backend.apache logstash_format true </source> </store> # logs from client libraries <store> <source> type webhdfs type forward host 192.x.y.z port 24224 port 50070 </source> path /path/to/hdfs </store> </match>
SLIDE 36
Who uses Fluentd in production ?
SLIDE 37
SLIDE 38
SLIDE 39
We collect 800k events per second !
SLIDE 40
Internet of Things
SLIDE 41 Internet of Things
Facts
- IoT will grow to many billions of devices over the
next decade.
- Now it's about device to device connectivity.
- Difgerent frameworks and protocols are emerging.
- It needs Logging.
SLIDE 42 Internet of Things
Alliances
Vendors formed alliances to join forces and develop generic software layers for their products:
SLIDE 43
Internet of Things
Solutions provided
Alliance Framework
→ →
SLIDE 44 IoT & Big Data
Analytics
IoT requires a generic solution to collect events and data from difgerent sources for further analysis. Data can come from a specifjc framework, radio device, sensor or other. How do we collect and unify data properly ?
SLIDE 46 Fluent Bit is an open source data collector
It let's you collect data from IoT/Embedded devices and transport It to third party services.
SLIDE 47 Fluent Bit
Targets
- Services
- Sensors / Signals / Radios
- Operating System information
- Automotive / Telematics
SLIDE 48 Fluent Bit
Requirements
IoT and Embedded environment requires special handling, specifjcally on performance and resource utilization:
- Lightweight
- Written in C Language
- Customizable, pluggable architecture
- Full integration with Fluentd
SLIDE 49
Fluent Bit
Integration
SLIDE 50
Fluent Bit
Direct Output
SLIDE 51
Containers
SLIDE 52
SLIDE 53 Docker
Logging driver
- Docker v1.6 released the concept of logging drivers
- Route container output
- Fluentd ?
SLIDE 54
Docker
SLIDE 55
Docker v1.8
Fluentd Logging driver!
SLIDE 56 We Love Data!
Thank you!
- http://fmuentd.org
- http://fmuentbit.io
- https://docs.docker.com/reference/logging/fmuentd/
- http://github.com/fmuent/fmuentd
