The document discusses open source monitoring tools and trends from 2008 to 2016. It begins by providing background on the speaker and their experience transitioning from a developer to operations role. It then outlines reasons why traditional monitoring was disliked (#monitoringsucks), before the rise of tools enabling more automated, metrics-based monitoring brought renewed interest (#monitoringlove). The rest of the document summarizes popular open source monitoring tools for collecting, storing, analyzing, and visualizing metrics and logs at different stages of the monitoring pipeline. It concludes by noting an improved ability to reduce false alarms compared to earlier approaches.

1. From #MonitoringSucks toFrom #MonitoringSucks to
#MonitoringLove#MonitoringLove
Open Source Monitoring in 2016Open Source Monitoring in 2016
@KrisBuytaert
FlossUK 2016, London , UK

2. Kris BuytaertKris Buytaert
● I used to be a Dev,I used to be a Dev,
● Then Became an OpThen Became an Op
● Chief Trolling Officer and Open SourceChief Trolling Officer and Open Source
Consultant @inuits.euConsultant @inuits.eu
● Everything is an effing DNS ProblemEverything is an effing DNS Problem
● Building Clouds since before the bookstoreBuilding Clouds since before the bookstore
● Organising ConferencesOrganising Conferences
● Evangelizing devopsEvangelizing devops

3. An opinionated talk about the Open SourceAn opinionated talk about the Open Source
Monitoring tooling landscapeMonitoring tooling landscape
In which I hope to learn from YOUIn which I hope to learn from YOU

4. #devops=~C(L)AMS#devops=~C(L)AMS
● CultureCulture
● (Lean)(Lean)
● AutomationAutomation
● Monitoring and MeasurementMonitoring and Measurement
● SharingSharing
Damon Edwards and John WillisDamon Edwards and John Willis
Gene KimGene Kim

5. Monitoring is usually anMonitoring is usually an
aftertoughtaftertought
ENOBUDGET, ENOTIMEENOBUDGET, ENOTIME

6. An 2008 OLS PaperAn 2008 OLS Paper
● We have bloated Java toolsWe have bloated Java tools
● Some open Core stuffSome open Core stuff
● DYI folks want traditional NagiosDYI folks want traditional Nagios
● DBA RequiredDBA Required

7. #monitoringsucks#monitoringsucks
● John Vincent (@lusis), june 2011John Vincent (@lusis), june 2011
● A sub #devops movementA sub #devops movement
● https://github.com/monitoringsucks/https://github.com/monitoringsucks/

8. Why #monitoringsucksWhy #monitoringsucks
● Manual config (gui)Manual config (gui)
● Not in sync with realityNot in sync with reality
● Hosts onlyHosts only
● Services sometimesServices sometimes
● Application neverApplication never
● Chaos or out of sync with realityChaos or out of sync with reality
● Alert FatigueAlert Fatigue

9. #monitoringlove#monitoringlove
•
•
Ulf Mansson #devopsdays Rome 2011Ulf Mansson #devopsdays Rome 2011
•
A new era of toolingA new era of tooling
•
#monitoringlove hacksessions @inuits#monitoringlove hacksessions @inuits
•
#monitorama#monitorama

10. What we wantWhat we want
● Small , well suited componentsSmall , well suited components
•
CollectCollect
•
Transport / MangleTransport / Mangle
•
StoreStore
•
AnalyseAnalyse
•
Act / AlertAct / Alert
•
VisualizeVisualize

14. #monitoringlove#monitoringlove
But the love was about :But the love was about :

15. SensuSensu
● Awesome for non staticAwesome for non static
environmentsenvironments
● Scaling a clustered RabbitMQ ?Scaling a clustered RabbitMQ ?
● This is Europe, U no do cloudThis is Europe, U no do cloud

16. Automation ofAutomation of
#monitoring#monitoring
brought backbrought back
thethe #love#love

17. AutomationAutomation

18. Monitoring aMonitoring a serviceservice
vsvs
Monitoring aMonitoring a ServiceService

19. definition of done:definition of done:
monitored and in productionmonitored and in production

20. A software project is not doneA software project is not done
until your last end user is deaduntil your last end user is dead

21. Culture,Culture,
Automation,Automation,
Measurement :Measurement :
measure all the thingsmeasure all the things
SharingSharing

22. CollectD all the metrics,CollectD all the metrics,
at high intervalsat high intervals

23. Oldschool graphiteOldschool graphite

24. Graphite++Graphite++
● APIAPI
● DashboardsDashboards
•
GrafanaGrafana
•
GdashGdash
● Engines :Engines :
•
InfluxDBInfluxDB
•
CyaniteCyanite

25. Draw as InfiniteDraw as Infinite
● Time To DeployTime To Deploy
● DeployDeploy
FrequencyFrequency
● LifecycleLifecycle
frequencyfrequency
● Map to otherMap to other
metricsmetrics

26. Graph-ExplorerGraph-Explorer
● (Vimeo)(Vimeo)
● Metrics 2.0Metrics 2.0
● Add EventsAdd Events

27. GrafanaGrafana

28. Graphs to KnowledgeGraphs to Knowledge
SkylineSkyline
•
OculusOculus
•
Creating Information out of this dataCreating Information out of this data
•
Big dataBig data
•
Machine LearningMachine Learning

29. AggregationAggregation
● Alert on streamsAlert on streams
● Alert on aggregated metricsAlert on aggregated metrics

32. RiemannRiemann
● I still don't get it ?I still don't get it ?
● Distributed TopDistributed Top
● Do you like Clojure ?Do you like Clojure ?
● Riemann Health plugin ?Riemann Health plugin ?
● s/riemann-health/collectd/g;s/riemann-health/collectd/g;
● Output to graphiteOutput to graphite

33. PrometheusPrometheus
● Started 2012Started 2012
● SoundCloudSoundCloud
● Metrics BasedMetrics Based
● ScrapesScrapes
EndpointsEndpoints
•
ExistingExisting
endpoints forendpoints for
limited toolslimited tools
● GraphiteGraphite
ExporterExporter
● Push GatewayPush Gateway
● Great AlertingGreat Alerting
● Might needMight need
some codingsome coding

34. But I have log files..But I have log files..

38. Logs and MetricsLogs and Metrics
● Graylog2Graylog2
● ELSA (Enterprise Log Search andELSA (Enterprise Log Search and
Archive)Archive)
● ELK StackELK Stack

39. ● Collect fromCollect from
anywhereanywhere
● FilterFilter
● Send anywhereSend anywhere

41. Infitnite Diskspace ?Infitnite Diskspace ?
● Logstash outputLogstash output
•
Statsd => GraphiteStatsd => Graphite
•
Keep patterns around,Keep patterns around,
•
Selectively purge dataSelectively purge data
•

42. APMAPM
But what about my apps ?But what about my apps ?
Half the world cheers about SAASHalf the world cheers about SAAS
tools :(tools :(

43. PacketbeatPacketbeat
● Traffic FlowTraffic Flow
through networkthrough network
● TransactionsTransactions
causing errroscausing errros
● SQL per HTTPSQL per HTTP
● API call usageAPI call usage

44. Old PacketBeatOld PacketBeat

45. Beats ?Beats ?
● Elasti.coElasti.co
● Collect, Parse and ShipCollect, Parse and Ship
● Q: Is all the data you care aboutQ: Is all the data you care about
suitable for Elastic Search ?suitable for Elastic Search ?
● What about Long Term Storage ?What about Long Term Storage ?
● Do you even want to build alertingDo you even want to build alerting
from this ?from this ?

46. Checking for FailureChecking for Failure
● IcingaIcinga
•
Automated config generationAutomated config generation
● SensuSensu
•
CloudstyleCloudstyle
● PrometheusPrometheus
•
Metric basedMetric based

47. Waking you up at nightWaking you up at night
● FlapjackFlapjack
flapjack.ioflapjack.io
monitoring notification routing +monitoring notification routing +
event processing systemevent processing system
● OpenDutyOpenDuty
github.com/szechuen/OpenDutygithub.com/szechuen/OpenDuty
Duty managementDuty management

48. AggregatingAggregating
● ThrukThruk
● GrafanaGrafana
● DashingDashing

49. Our Current StackOur Current Stack

50. I love where Monitoring is headingI love where Monitoring is heading
We have much less false positives these daysWe have much less false positives these days

51. ContactContact
Kris Buytaert kris.buytaert@inuits.euKris Buytaert kris.buytaert@inuits.eu
Further ReadingFurther Reading
@krisbuytaert@krisbuytaert
http://www.krisbuytaert.be/blog/http://www.krisbuytaert.be/blog/
http://www.inuits.eu/http://www.inuits.eu/
Find Inuits inFind Inuits in
Brasschaat,Ghent,Brasschaat,Ghent,
Rotterdam,Prague,Rotterdam,Prague,
Kiev,BrnoKiev,Brno