SlideShare a Scribd company logo

Fluentd meetup 2019

cosmo0920
cosmo0920

Fluentd meetup slide 2019/07/17. About Windows EventLog current status of Fluentd plugin.

Software
1 of 46
Download to read offline
Fluentd meets Unicode Windows EventLog Fluentd meetup 2019 ClearCode Inc. Hiroshi Hatake
Agenda • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
Agenda • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
Motivation • in_windows_eventlog has some issues... • 😰Unicode character handling. Sometimes garbage chracters are generated. • 😥Memory consumption in flood of windows event • 😨Sometimes it causes SEGV • 😅CPU spike when resuming operation • 😱At least one event should exist in the listening channel on starting to listen. Otherwise, nothing to be read • And they are caused by dependent gem which is named win32- eventlog
Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
winevt_c (new gem): Code examples Just querying for specified channel
winevt_c (new gem): Code examples Update bookmark for querying channel
winevt_c (new gem): Code examples Subscribe channel
winevt_c (new gem) • It solves win32-eventlog issues • 😊Improve Unicode character handling. • 😋It doesn’t cause SEGV on the same situation • 😃CPU spike when resuming operation is declined • 😗Reduce memory consumption in flood of windows event • This issue still exists but it is reduced memory consumption • 😁At least one event should exist in the listening channel on starting to listen. • Empty channel can also subscribe. The older one will be staled.
winevt_c (new gem) The relationship of plugins and gems in this talk In_windows_eventlog win32-eventlog In_windows_eventlog2 winevt_c
Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
Unicode Character handling • What is Unicode? In Windows context, it means UTF-16. In Ruby C extension context, it means UTF-8.
Unicode Character handling: What is the difference between ANSI and Unicode? • In Windows, ANSI means current code page • In Japanese Edition Windows, it is CP932 (Windows-31J). • -A suffixed API uses ANSI character encoding • In Windows, Unicode means UTF-16 • -W suffixed API uses UTF-16 character encoding • PWSTR and such W contained typed API arguments also use UTF-16 character encoding
Unicode Character handling • We need to convert from UTF-16 to target character encoding • In this case, target encoding is UTF-8 • But, win32-eventlog gem uses OpenEventLogA, ReadEventLogA (ANSI version) • To handle Unicode characters correctly, we need to use OpenEventLogW, ReadEventLogW (Unicode version) • win32-eventlog gem development is inactive in recent days. • Unicode version patch exists, but it have not been merged in....
Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
Using ANSI code page issues • On Japanese Edition Windows' default code page can handle... • Alphabets • Greek letters • Cyrillic alphabets • Hiragana, Katakana • JIS level 1 and 2 Kanji sets (Chinese Characters) • But other characters cannot handle with cp932 (In Japanese Edition Windows)
Using ANSI code page issues: UTF-8 contains more characters! • UTF-8 can also handles... • Alphabets • Greek letters • Cyrillic alphabets • Hiragana, Katakana • JIS level 1 and 2 Kanji set (Chinese Characters) • And... • diacritical mark (such as umlaut in German: ä, ö, ü) • Hebrew, Arabic, Devanagari (Hindi) • South East Asia Characters (Thai, Laotian... etc.) • And Emoji!! 😎
Using ANSI code page issues: Solution • We decide to develop the brand new gem which is named winevt_c. • 😍It uses new Windows API that is defined in <winevt.h> • 😉The new API provides bookmark which is used to resume operation • 😊Unicode API • But this gem is written in C and C++ • 😭Users need to build C/C++ extension code by themselves • 😮Current RubyInstaller bundles MSYS2 system. Users can use gcc and g++ after MSYS2 installation which is kicked by RubyInstaller.
Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
Unicode Testing: Environment • Windows 10 Home 1903 64bit • Japanese Edition (cp932, Windows-31J) • Writing Windows EventLog • Benchmark tool written in C# • Terminal: • PowerShell Core 6 on Windows Terminal(Preview) • Used Windows Terminal Profile is here
Unicode Testing: Writing Events in .NET (picked up) // Alphabets // Non-ASCII symbols // Japanese // Thai // Cyrillic // Greek letters // Arabic alphabets // Devanagari // Unicod-ish Kaomoji // Emoji
Unicode Testing: Writing Events PS> EventLogbencher.exe -w 10 -t 10 • 10 Events Written into Benchmark channel
Unicode Testing: Configuration (old plugin) from_encoding/encoding parameters are needed to handle character encoding correctly but still unhandled characters exist. And using default read_interval: 2s.
Unicode Testing: Configuration (new plugin) No need to specify from_encoding/encoding parameters. And new plugin always handles character encoding as UTF-8. And using default read_interval: 2s.
Unicode Testing: Execution Log (old plugin) The following characters are broken • Symbol ⒻⓁⓉⒹ™​ • Thai • Arabic • Devanagari (Hindi) • Unicode contained Kaomoji • Emoji
Unicode Testing: Execution Log (new plugin) The following characters are rendered • Symbol ⒻⓁⓉⒹ™ • Thai • Arabic (but slightly wrong rendered) • Devanagari (Hindi) • Unicode contained Kaomoji • Emoji
Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
Benchmark • Collector Node • Windows 10 1809 2 vCPU 4GB Standard SSD • Benchmark tool written in C# • Aggregator Node • Ubuntu 18.04 2 vCPU 4GB Standard SSD • They are also Azure instances Write EventLog Collector Node Aggregator Node
Benchmark: Flow Rate of Events • 1000000 events total • About 91 events per seconds PS> EventLogbencher.exe -w 100 -t 10000000 • 1 million Events Written into Benchmark channel
Benchmark: Configuration (old) Collector node Aggregator node # or stdout
Benchmark: Configuration (new) Collector node Aggregator node # or stdout
Benchmark (old plugin) Flow rate: 91.34361 events per seconds
Benchmark (new plugin) Flow rate: 91.30634 events per seconds
Benchmark Result: in_windows_eventlog • Pros • 😀Low CPU usage • Cons • 😣High memory usage • 😫Incomplete Unicode handling
Benchmark Result: in_windows_eventlog2 • Pros • 😀Low memory usage • 😋Unicode handling • 😊Immediately subscribe channel even if it's empty on subscribe • Cons • 😣Slightly higher CPU usage rather than old plugin's
Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
Throughput Benchmark • Collector Node • Windows 10 1809 2 vCPU 4GB Standard SSD • Benchmark tool written in C# • Aggregator Node • Ubuntu 18.04 2 vCPU 4GB Standard SSD • They are also Azure instances Write EventLog Collector Node Aggregator Node
Throughput Benchmark • 500000 events total • Increase flow rate of events step by step • PS> EventLogbencher.exe -w 50 -t 5000000 • 159.4378 events per seconds • PS> EventLogbencher.exe -w 30 -t 5000000 • 293.4133 events per seconds • PS> EventLogbencher.exe -w 20 -t 5000000 • 314.823 events per seconds • PS> EventLogbencher.exe -w 15 -t 5000000 • 321.7238 events per seconds • PS> EventLogbencher.exe -w 10 -t 5000000 • Stuck 🤢 • 598.8318 events per seconds • chunk bytes limit exceeds for an emitted event stream warning is generated from Fluentd....
Throughput Benchmark: Configuration Collector node Aggregator node # or stdout
Throughput Benchmark: Result 1
Throughput Benchmark: Result 2
Throughput Benchmark: Result 3
Throughput Benchmark: Result 4
Conclusion • The new plugin which is named in_windows_eventlog2 does... • Improve Unicode handling • Reduce memory consumption • Solve CPU spike after resuming operation • The new plugin might be going to solve... • Slightly higher CPU usage than old plugin's • The new plugin can handle about 300 events per second with default read interval.
Epilogue: Current fluent-plugin-windows-eventlog status • The new plugin which is named in_windows_eventlog2 • Included fluent-plugin-windows-eventlog v0.3.0 • We want to hear more user voices and use cases • Installation is harder than the older one Let's enjoy Monitoring Windows EventLog! 😁
Any Questions?

Recommended

Chef for DevOps - an Introduction
Chef for DevOps - an IntroductionChef for DevOps - an Introduction
Chef for DevOps - an IntroductionSanjeev Sharma
 
Jenkins Overview
Jenkins OverviewJenkins Overview
Jenkins OverviewAhmed M. Gomaa
 
Dev ops using Jenkins
Dev ops using JenkinsDev ops using Jenkins
Dev ops using JenkinsSynergetics Learning and Cloud Consulting
 
Gitlab CI/CD
Gitlab CI/CDGitlab CI/CD
Gitlab CI/CDJEMLI Fathi
 
Jenkins-CI
Jenkins-CIJenkins-CI
Jenkins-CIGong Haibing
 
Accelerating with Ansible
Accelerating with AnsibleAccelerating with Ansible
Accelerating with AnsibleGlobal Knowledge Training
 
Load Balancing Apps in Docker Swarm with NGINX
Load Balancing Apps in Docker Swarm with NGINXLoad Balancing Apps in Docker Swarm with NGINX
Load Balancing Apps in Docker Swarm with NGINXNGINX, Inc.
 
NGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX, Inc.
 

Recommended

Chef for DevOps - an Introduction
Chef for DevOps - an IntroductionChef for DevOps - an Introduction
Chef for DevOps - an IntroductionSanjeev Sharma
 
Jenkins Overview
Jenkins OverviewJenkins Overview
Jenkins OverviewAhmed M. Gomaa
 
Dev ops using Jenkins
Dev ops using JenkinsDev ops using Jenkins
Dev ops using JenkinsSynergetics Learning and Cloud Consulting
 
Gitlab CI/CD
Gitlab CI/CDGitlab CI/CD
Gitlab CI/CDJEMLI Fathi
 
Jenkins-CI
Jenkins-CIJenkins-CI
Jenkins-CIGong Haibing
 
Accelerating with Ansible
Accelerating with AnsibleAccelerating with Ansible
Accelerating with AnsibleGlobal Knowledge Training
 
Load Balancing Apps in Docker Swarm with NGINX
Load Balancing Apps in Docker Swarm with NGINXLoad Balancing Apps in Docker Swarm with NGINX
Load Balancing Apps in Docker Swarm with NGINXNGINX, Inc.
 
NGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX: High Performance Load Balancing
NGINX: High Performance Load BalancingNGINX, Inc.
 
Jenkins.pdf
Jenkins.pdfJenkins.pdf
Jenkins.pdf326KUBAVATHARSHALBHA
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes IntroductionMartin Danielsson
 
EVCache at Netflix
EVCache at NetflixEVCache at Netflix
EVCache at NetflixShashi Shekar Madappa
 
Introduction to CICD
Introduction to CICDIntroduction to CICD
Introduction to CICDKnoldus Inc.
 
Kubernetes Architecture - beyond a black box - Part 2
Kubernetes Architecture - beyond a black box - Part 2Kubernetes Architecture - beyond a black box - Part 2
Kubernetes Architecture - beyond a black box - Part 2Hao H. Zhang
 
"DevOps > CI+CD "
"DevOps > CI+CD ""DevOps > CI+CD "
"DevOps > CI+CD "Innovation Roots
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!
 
Introduction to CI/CD
Introduction to CI/CDIntroduction to CI/CD
Introduction to CI/CDSteve Mactaggart
 
SRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call CultureSRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call Culturesmalltown
 
Docker Advanced registry usage
Docker Advanced registry usageDocker Advanced registry usage
Docker Advanced registry usageDocker, Inc.
 
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps WayDevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Waysmalltown
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes IntroductionPeng Xiao
 
Kubernetes
KubernetesKubernetes
KubernetesLhouceine OUHAMZA
 
ELK, a real case study
ELK, a real case studyELK, a real case study
ELK, a real case studyPaolo Tonin
 
Learn nginx in 90mins
Learn nginx in 90minsLearn nginx in 90mins
Learn nginx in 90minsLarry Cai
 
Ansible 101
Ansible 101Ansible 101
Ansible 101YI-CHING WU
 
ネットワークエンジニアのための Puppet / Chef
ネットワークエンジニアのための Puppet / Chefネットワークエンジニアのための Puppet / Chef
ネットワークエンジニアのための Puppet / Chefnpsg
 
Devops | CICD Pipeline
Devops | CICD PipelineDevops | CICD Pipeline
Devops | CICD PipelineBinish Siddiqui
 
Removing performance bottlenecks with Kafka Monitoring and topic configuration
Removing performance bottlenecks with Kafka Monitoring and topic configurationRemoving performance bottlenecks with Kafka Monitoring and topic configuration
Removing performance bottlenecks with Kafka Monitoring and topic configurationKnoldus Inc.
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to KubernetesImesh Gunaratne
 
GNAT Pro User Day: Ada Factory
GNAT Pro User Day: Ada FactoryGNAT Pro User Day: Ada Factory
GNAT Pro User Day: Ada FactoryAdaCore
 
Living in a multiligual world: Internationalization for Web 2.0 Applications
Living in a multiligual world: Internationalization for Web 2.0 ApplicationsLiving in a multiligual world: Internationalization for Web 2.0 Applications
Living in a multiligual world: Internationalization for Web 2.0 ApplicationsLars Trieloff
 

More Related Content

What's hot

Introduction to CICD
Introduction to CICDIntroduction to CICD
Introduction to CICDKnoldus Inc.
 
Kubernetes Architecture - beyond a black box - Part 2
Kubernetes Architecture - beyond a black box - Part 2Kubernetes Architecture - beyond a black box - Part 2
Kubernetes Architecture - beyond a black box - Part 2Hao H. Zhang
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Edureka!
 
SRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call CultureSRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call Culturesmalltown
 
Docker Advanced registry usage
Docker Advanced registry usageDocker Advanced registry usage
Docker Advanced registry usageDocker, Inc.
 
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps WayDevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Waysmalltown
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes IntroductionPeng Xiao
 
ELK, a real case study
ELK, a real case studyELK, a real case study
ELK, a real case studyPaolo Tonin
 
Learn nginx in 90mins
Learn nginx in 90minsLearn nginx in 90mins
Learn nginx in 90minsLarry Cai
 
ネットワークエンジニアのための Puppet / Chef
ネットワークエンジニアのための Puppet / Chefネットワークエンジニアのための Puppet / Chef
ネットワークエンジニアのための Puppet / Chefnpsg
 
Removing performance bottlenecks with Kafka Monitoring and topic configuration
Removing performance bottlenecks with Kafka Monitoring and topic configurationRemoving performance bottlenecks with Kafka Monitoring and topic configuration
Removing performance bottlenecks with Kafka Monitoring and topic configurationKnoldus Inc.
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to KubernetesImesh Gunaratne
 

What's hot (20)

Jenkins.pdf
Jenkins.pdfJenkins.pdf
Jenkins.pdf
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
 
EVCache at Netflix
EVCache at NetflixEVCache at Netflix
EVCache at Netflix
 
Introduction to CICD
Introduction to CICDIntroduction to CICD
Introduction to CICD
 
Kubernetes Architecture - beyond a black box - Part 2
Kubernetes Architecture - beyond a black box - Part 2Kubernetes Architecture - beyond a black box - Part 2
Kubernetes Architecture - beyond a black box - Part 2
 
"DevOps > CI+CD "
"DevOps > CI+CD ""DevOps > CI+CD "
"DevOps > CI+CD "
 
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
Kubernetes Architecture | Understanding Kubernetes Components | Kubernetes Tu...
 
Introduction to CI/CD
Introduction to CI/CDIntroduction to CI/CD
Introduction to CI/CD
 
SRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call CultureSRE Conference 2022 - How to Build a Healthy On-Call Culture
SRE Conference 2022 - How to Build a Healthy On-Call Culture
 
Docker Advanced registry usage
Docker Advanced registry usageDocker Advanced registry usage
Docker Advanced registry usage
 
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps WayDevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
DevOpsDays Taipei 2019 - Mastering IaC the DevOps Way
 
Kubernetes Introduction
Kubernetes IntroductionKubernetes Introduction
Kubernetes Introduction
 
Kubernetes
KubernetesKubernetes
Kubernetes
 
ELK, a real case study
ELK, a real case studyELK, a real case study
ELK, a real case study
 
Learn nginx in 90mins
Learn nginx in 90minsLearn nginx in 90mins
Learn nginx in 90mins
 
Ansible 101
Ansible 101Ansible 101
Ansible 101
 
ネットワークエンジニアのための Puppet / Chef
ネットワークエンジニアのための Puppet / Chefネットワークエンジニアのための Puppet / Chef
ネットワークエンジニアのための Puppet / Chef
 
Devops | CICD Pipeline
Devops | CICD PipelineDevops | CICD Pipeline
Devops | CICD Pipeline
 
Removing performance bottlenecks with Kafka Monitoring and topic configuration
Removing performance bottlenecks with Kafka Monitoring and topic configurationRemoving performance bottlenecks with Kafka Monitoring and topic configuration
Removing performance bottlenecks with Kafka Monitoring and topic configuration
 
An Introduction to Kubernetes
An Introduction to KubernetesAn Introduction to Kubernetes
An Introduction to Kubernetes
 

Similar to Fluentd meetup 2019

GNAT Pro User Day: Ada Factory
GNAT Pro User Day: Ada FactoryGNAT Pro User Day: Ada Factory
GNAT Pro User Day: Ada FactoryAdaCore
 
Living in a multiligual world: Internationalization for Web 2.0 Applications
Living in a multiligual world: Internationalization for Web 2.0 ApplicationsLiving in a multiligual world: Internationalization for Web 2.0 Applications
Living in a multiligual world: Internationalization for Web 2.0 ApplicationsLars Trieloff
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...CODE BLUE
 
Lean Software Production and Qualification Infrastructures
Lean Software Production and Qualification InfrastructuresLean Software Production and Qualification Infrastructures
Lean Software Production and Qualification InfrastructuresAdaCore
 
Living in a Multi-lingual World: Internationalization in Web and Desktop Appl...
Living in a Multi-lingual World: Internationalization in Web and Desktop Appl...Living in a Multi-lingual World: Internationalization in Web and Desktop Appl...
Living in a Multi-lingual World: Internationalization in Web and Desktop Appl...adunne
 
GPCE16: Automatic Non-functional Testing of Code Generators Families
GPCE16: Automatic Non-functional Testing of Code Generators FamiliesGPCE16: Automatic Non-functional Testing of Code Generators Families
GPCE16: Automatic Non-functional Testing of Code Generators FamiliesMohamed BOUSSAA
 
Micro servoces-choose-the-right-tools-programing-language
Micro servoces-choose-the-right-tools-programing-languageMicro servoces-choose-the-right-tools-programing-language
Micro servoces-choose-the-right-tools-programing-languageYouness Lasmak
 
Implementing SR-IOv failover for Windows guests during live migration
Implementing SR-IOv failover for Windows guests during live migrationImplementing SR-IOv failover for Windows guests during live migration
Implementing SR-IOv failover for Windows guests during live migrationYan Vugenfirer
 
"You Don't Know NODE.JS" by Hengki Mardongan Sihombing (Urbanhire)
"You Don't Know NODE.JS" by Hengki Mardongan Sihombing (Urbanhire)"You Don't Know NODE.JS" by Hengki Mardongan Sihombing (Urbanhire)
"You Don't Know NODE.JS" by Hengki Mardongan Sihombing (Urbanhire)Tech in Asia ID
 
JUC Europe 2015: A Reproducible Build Environment with Jenkins
JUC Europe 2015: A Reproducible Build Environment with JenkinsJUC Europe 2015: A Reproducible Build Environment with Jenkins
JUC Europe 2015: A Reproducible Build Environment with JenkinsCloudBees
 
Asynchronous web-development with Python
Asynchronous web-development with PythonAsynchronous web-development with Python
Asynchronous web-development with PythonAnton Caceres
 
Pharo Virtual Machine: News from the Front
Pharo Virtual Machine: News from the FrontPharo Virtual Machine: News from the Front
Pharo Virtual Machine: News from the FrontESUG
 
Network Programming With Anyevent
Network Programming With AnyeventNetwork Programming With Anyevent
Network Programming With AnyeventPedro Melo
 
Developing a mobile cross-platform library
Developing a mobile cross-platform libraryDeveloping a mobile cross-platform library
Developing a mobile cross-platform libraryKostis Dadamis
 
Windows 8 Hot or Not
Windows 8 Hot or NotWindows 8 Hot or Not
Windows 8 Hot or Notpwlodek
 
Dino2 - the Amazing Evolution of the VA Smalltalk Virtual Machine
Dino2 - the Amazing Evolution of the VA Smalltalk Virtual MachineDino2 - the Amazing Evolution of the VA Smalltalk Virtual Machine
Dino2 - the Amazing Evolution of the VA Smalltalk Virtual MachineESUG
 
Radu vunvulea building and testing windows 8 metro style applications using ...
Radu vunvulea building and testing windows 8 metro style applications using ...Radu vunvulea building and testing windows 8 metro style applications using ...
Radu vunvulea building and testing windows 8 metro style applications using ...Radu Vunvulea
 
Code quality par Simone Civetta
Code quality par Simone CivettaCode quality par Simone Civetta
Code quality par Simone CivettaCocoaHeads France
 

Similar to Fluentd meetup 2019 (20)

GNAT Pro User Day: Ada Factory
GNAT Pro User Day: Ada FactoryGNAT Pro User Day: Ada Factory
GNAT Pro User Day: Ada Factory
 
Living in a multiligual world: Internationalization for Web 2.0 Applications
Living in a multiligual world: Internationalization for Web 2.0 ApplicationsLiving in a multiligual world: Internationalization for Web 2.0 Applications
Living in a multiligual world: Internationalization for Web 2.0 Applications
 
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
[cb22] Your Printer is not your Printer ! - Hacking Printers at Pwn2Own by A...
 
Lean Software Production and Qualification Infrastructures
Lean Software Production and Qualification InfrastructuresLean Software Production and Qualification Infrastructures
Lean Software Production and Qualification Infrastructures
 
Living in a Multi-lingual World: Internationalization in Web and Desktop Appl...
Living in a Multi-lingual World: Internationalization in Web and Desktop Appl...Living in a Multi-lingual World: Internationalization in Web and Desktop Appl...
Living in a Multi-lingual World: Internationalization in Web and Desktop Appl...
 
GPCE16: Automatic Non-functional Testing of Code Generators Families
GPCE16: Automatic Non-functional Testing of Code Generators FamiliesGPCE16: Automatic Non-functional Testing of Code Generators Families
GPCE16: Automatic Non-functional Testing of Code Generators Families
 
Micro servoces-choose-the-right-tools-programing-language
Micro servoces-choose-the-right-tools-programing-languageMicro servoces-choose-the-right-tools-programing-language
Micro servoces-choose-the-right-tools-programing-language
 
Continuous Integration 101
Continuous Integration 101Continuous Integration 101
Continuous Integration 101
 
Implementing SR-IOv failover for Windows guests during live migration
Implementing SR-IOv failover for Windows guests during live migrationImplementing SR-IOv failover for Windows guests during live migration
Implementing SR-IOv failover for Windows guests during live migration
 
"You Don't Know NODE.JS" by Hengki Mardongan Sihombing (Urbanhire)
"You Don't Know NODE.JS" by Hengki Mardongan Sihombing (Urbanhire)"You Don't Know NODE.JS" by Hengki Mardongan Sihombing (Urbanhire)
"You Don't Know NODE.JS" by Hengki Mardongan Sihombing (Urbanhire)
 
JUC Europe 2015: A Reproducible Build Environment with Jenkins
JUC Europe 2015: A Reproducible Build Environment with JenkinsJUC Europe 2015: A Reproducible Build Environment with Jenkins
JUC Europe 2015: A Reproducible Build Environment with Jenkins
 
Asynchronous web-development with Python
Asynchronous web-development with PythonAsynchronous web-development with Python
Asynchronous web-development with Python
 
Node.js for beginner
Node.js for beginnerNode.js for beginner
Node.js for beginner
 
Pharo Virtual Machine: News from the Front
Pharo Virtual Machine: News from the FrontPharo Virtual Machine: News from the Front
Pharo Virtual Machine: News from the Front
 
Network Programming With Anyevent
Network Programming With AnyeventNetwork Programming With Anyevent
Network Programming With Anyevent
 
Developing a mobile cross-platform library
Developing a mobile cross-platform libraryDeveloping a mobile cross-platform library
Developing a mobile cross-platform library
 
Windows 8 Hot or Not
Windows 8 Hot or NotWindows 8 Hot or Not
Windows 8 Hot or Not
 
Dino2 - the Amazing Evolution of the VA Smalltalk Virtual Machine
Dino2 - the Amazing Evolution of the VA Smalltalk Virtual MachineDino2 - the Amazing Evolution of the VA Smalltalk Virtual Machine
Dino2 - the Amazing Evolution of the VA Smalltalk Virtual Machine
 
Radu vunvulea building and testing windows 8 metro style applications using ...
Radu vunvulea building and testing windows 8 metro style applications using ...Radu vunvulea building and testing windows 8 metro style applications using ...
Radu vunvulea building and testing windows 8 metro style applications using ...
 
Code quality par Simone Civetta
Code quality par Simone CivettaCode quality par Simone Civetta
Code quality par Simone Civetta
 

More from cosmo0920

Prometheus meetup tokyo#3 slide
Prometheus meetup tokyo#3 slidePrometheus meetup tokyo#3 slide
Prometheus meetup tokyo#3 slidecosmo0920
 
20160730 fluentd meetup in matsue slide
20160730 fluentd meetup in matsue slide20160730 fluentd meetup in matsue slide
20160730 fluentd meetup in matsue slidecosmo0920
 
新宿Scala座2014 3月号スライド
新宿Scala座2014 3月号スライド新宿Scala座2014 3月号スライド
新宿Scala座2014 3月号スライドcosmo0920
 
Kernelvm-9th-lt
Kernelvm-9th-ltKernelvm-9th-lt
Kernelvm-9th-ltcosmo0920
 
カーネル VM懇親会LT
カーネル VM懇親会LTカーネル VM懇親会LT
カーネル VM懇親会LTcosmo0920
 
カーネルVm関西その参lt
カーネルVm関西その参ltカーネルVm関西その参lt
カーネルVm関西その参ltcosmo0920
 

More from cosmo0920 (6)

Prometheus meetup tokyo#3 slide
Prometheus meetup tokyo#3 slidePrometheus meetup tokyo#3 slide
Prometheus meetup tokyo#3 slide
 
20160730 fluentd meetup in matsue slide
20160730 fluentd meetup in matsue slide20160730 fluentd meetup in matsue slide
20160730 fluentd meetup in matsue slide
 
新宿Scala座2014 3月号スライド
新宿Scala座2014 3月号スライド新宿Scala座2014 3月号スライド
新宿Scala座2014 3月号スライド
 
Kernelvm-9th-lt
Kernelvm-9th-ltKernelvm-9th-lt
Kernelvm-9th-lt
 
カーネル VM懇親会LT
カーネル VM懇親会LTカーネル VM懇親会LT
カーネル VM懇親会LT
 
カーネルVm関西その参lt
カーネルVm関西その参ltカーネルVm関西その参lt
カーネルVm関西その参lt
 

Recently uploaded

why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...aditisharan08
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 

Recently uploaded (20)

why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...Unit 1.1 Excite Part 1, class 9, cbse...
Unit 1.1 Excite Part 1, class 9, cbse...
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 

Fluentd meetup 2019

  • 1. Fluentd meets Unicode Windows EventLog Fluentd meetup 2019 ClearCode Inc. Hiroshi Hatake
  • 2. Agenda • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
  • 3. Agenda • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
  • 4. Motivation • in_windows_eventlog has some issues... • 😰Unicode character handling. Sometimes garbage chracters are generated. • 😥Memory consumption in flood of windows event • 😨Sometimes it causes SEGV • 😅CPU spike when resuming operation • 😱At least one event should exist in the listening channel on starting to listen. Otherwise, nothing to be read • And they are caused by dependent gem which is named win32- eventlog
  • 5. Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
  • 6. winevt_c (new gem): Code examples Just querying for specified channel
  • 7. winevt_c (new gem): Code examples Update bookmark for querying channel
  • 8. winevt_c (new gem): Code examples Subscribe channel
  • 9. winevt_c (new gem) • It solves win32-eventlog issues • 😊Improve Unicode character handling. • 😋It doesn’t cause SEGV on the same situation • 😃CPU spike when resuming operation is declined • 😗Reduce memory consumption in flood of windows event • This issue still exists but it is reduced memory consumption • 😁At least one event should exist in the listening channel on starting to listen. • Empty channel can also subscribe. The older one will be staled.
  • 10. winevt_c (new gem) The relationship of plugins and gems in this talk In_windows_eventlog win32-eventlog In_windows_eventlog2 winevt_c
  • 11. Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
  • 12. Unicode Character handling • What is Unicode? In Windows context, it means UTF-16. In Ruby C extension context, it means UTF-8.
  • 13. Unicode Character handling: What is the difference between ANSI and Unicode? • In Windows, ANSI means current code page • In Japanese Edition Windows, it is CP932 (Windows-31J). • -A suffixed API uses ANSI character encoding • In Windows, Unicode means UTF-16 • -W suffixed API uses UTF-16 character encoding • PWSTR and such W contained typed API arguments also use UTF-16 character encoding
  • 14. Unicode Character handling • We need to convert from UTF-16 to target character encoding • In this case, target encoding is UTF-8 • But, win32-eventlog gem uses OpenEventLogA, ReadEventLogA (ANSI version) • To handle Unicode characters correctly, we need to use OpenEventLogW, ReadEventLogW (Unicode version) • win32-eventlog gem development is inactive in recent days. • Unicode version patch exists, but it have not been merged in....
  • 15. Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
  • 16. Using ANSI code page issues • On Japanese Edition Windows' default code page can handle... • Alphabets • Greek letters • Cyrillic alphabets • Hiragana, Katakana • JIS level 1 and 2 Kanji sets (Chinese Characters) • But other characters cannot handle with cp932 (In Japanese Edition Windows)
  • 17. Using ANSI code page issues: UTF-8 contains more characters! • UTF-8 can also handles... • Alphabets • Greek letters • Cyrillic alphabets • Hiragana, Katakana • JIS level 1 and 2 Kanji set (Chinese Characters) • And... • diacritical mark (such as umlaut in German: ä, ö, ü) • Hebrew, Arabic, Devanagari (Hindi) • South East Asia Characters (Thai, Laotian... etc.) • And Emoji!! 😎
  • 18. Using ANSI code page issues: Solution • We decide to develop the brand new gem which is named winevt_c. • 😍It uses new Windows API that is defined in <winevt.h> • 😉The new API provides bookmark which is used to resume operation • 😊Unicode API • But this gem is written in C and C++ • 😭Users need to build C/C++ extension code by themselves • 😮Current RubyInstaller bundles MSYS2 system. Users can use gcc and g++ after MSYS2 installation which is kicked by RubyInstaller.
  • 19. Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
  • 20. Unicode Testing: Environment • Windows 10 Home 1903 64bit • Japanese Edition (cp932, Windows-31J) • Writing Windows EventLog • Benchmark tool written in C# • Terminal: • PowerShell Core 6 on Windows Terminal(Preview) • Used Windows Terminal Profile is here
  • 21. Unicode Testing: Writing Events in .NET (picked up) // Alphabets // Non-ASCII symbols // Japanese // Thai // Cyrillic // Greek letters // Arabic alphabets // Devanagari // Unicod-ish Kaomoji // Emoji
  • 22. Unicode Testing: Writing Events PS> EventLogbencher.exe -w 10 -t 10 • 10 Events Written into Benchmark channel
  • 23. Unicode Testing: Configuration (old plugin) from_encoding/encoding parameters are needed to handle character encoding correctly but still unhandled characters exist. And using default read_interval: 2s.
  • 24. Unicode Testing: Configuration (new plugin) No need to specify from_encoding/encoding parameters. And new plugin always handles character encoding as UTF-8. And using default read_interval: 2s.
  • 25. Unicode Testing: Execution Log (old plugin) The following characters are broken • Symbol ⒻⓁⓉⒹ™​ • Thai • Arabic • Devanagari (Hindi) • Unicode contained Kaomoji • Emoji
  • 26. Unicode Testing: Execution Log (new plugin) The following characters are rendered • Symbol ⒻⓁⓉⒹ™ • Thai • Arabic (but slightly wrong rendered) • Devanagari (Hindi) • Unicode contained Kaomoji • Emoji
  • 27. Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
  • 28. Benchmark • Collector Node • Windows 10 1809 2 vCPU 4GB Standard SSD • Benchmark tool written in C# • Aggregator Node • Ubuntu 18.04 2 vCPU 4GB Standard SSD • They are also Azure instances Write EventLog Collector Node Aggregator Node
  • 29. Benchmark: Flow Rate of Events • 1000000 events total • About 91 events per seconds PS> EventLogbencher.exe -w 100 -t 10000000 • 1 million Events Written into Benchmark channel
  • 30. Benchmark: Configuration (old) Collector node Aggregator node # or stdout
  • 31. Benchmark: Configuration (new) Collector node Aggregator node # or stdout
  • 32. Benchmark (old plugin) Flow rate: 91.34361 events per seconds
  • 33. Benchmark (new plugin) Flow rate: 91.30634 events per seconds
  • 34. Benchmark Result: in_windows_eventlog • Pros • 😀Low CPU usage • Cons • 😣High memory usage • 😫Incomplete Unicode handling
  • 35. Benchmark Result: in_windows_eventlog2 • Pros • 😀Low memory usage • 😋Unicode handling • 😊Immediately subscribe channel even if it's empty on subscribe • Cons • 😣Slightly higher CPU usage rather than old plugin's
  • 36. Next Topic • Motivation • About winevt_c • Unicode Character handling • Using ANSI code page issues • Unicode Testing • Benchmark • Throughput Benchmark • Conclusion
  • 37. Throughput Benchmark • Collector Node • Windows 10 1809 2 vCPU 4GB Standard SSD • Benchmark tool written in C# • Aggregator Node • Ubuntu 18.04 2 vCPU 4GB Standard SSD • They are also Azure instances Write EventLog Collector Node Aggregator Node
  • 38. Throughput Benchmark • 500000 events total • Increase flow rate of events step by step • PS> EventLogbencher.exe -w 50 -t 5000000 • 159.4378 events per seconds • PS> EventLogbencher.exe -w 30 -t 5000000 • 293.4133 events per seconds • PS> EventLogbencher.exe -w 20 -t 5000000 • 314.823 events per seconds • PS> EventLogbencher.exe -w 15 -t 5000000 • 321.7238 events per seconds • PS> EventLogbencher.exe -w 10 -t 5000000 • Stuck 🤢 • 598.8318 events per seconds • chunk bytes limit exceeds for an emitted event stream warning is generated from Fluentd....
  • 39. Throughput Benchmark: Configuration Collector node Aggregator node # or stdout
  • 44. Conclusion • The new plugin which is named in_windows_eventlog2 does... • Improve Unicode handling • Reduce memory consumption • Solve CPU spike after resuming operation • The new plugin might be going to solve... • Slightly higher CPU usage than old plugin's • The new plugin can handle about 300 events per second with default read interval.
  • 45. Epilogue: Current fluent-plugin-windows-eventlog status • The new plugin which is named in_windows_eventlog2 • Included fluent-plugin-windows-eventlog v0.3.0 • We want to hear more user voices and use cases • Installation is harder than the older one Let's enjoy Monitoring Windows EventLog! 😁