On 11/01/2014 05:47 AM, Rich Freeman wrote:
> On Fri, Oct 31, 2014 at 9:03 PM, Alec Ten Harmsel
> <alec@××××××××××××××.com> wrote:
>> You guys should check out the ELK stack:
>> http://www.elasticsearch.org/overview/
>>
>> Basically, transform logs to JSON with logstash, throw the JSON into
>> Elasticsearch, and make plots with Kibana. We use it at work; it's
>> absolutely fantastic.
>>
> Hmm, as far as I can tell they don't actually have a parser for
> journal logs yet. With systemd the logs are already available in
> JSON, though I imagine it would be trivial to transform that to a
> different-looking JSON if necessary.

I should have been clearer; logstash is for transforming normal text
logs into JSON. With the systemd-journal logs already being JSON, I'm
sure they could be put straight into Elasticsearch.

>
> I think it just reflects the fact that everybody is playing catch-up.
> Despite originating at Red Hat I suspect that the vast majority of
> those running systemd right now are the sorts of folks who don't run
> enterprise log monitoring suites. So, the pressure just isn't there
> yet to get all that stuff built.

Agreed. RHEL7 is brand new, I'm sure most people are still running RHEL
6.x and don't have systemd quite yet.

That said, I'm sure plenty of shops already have an ELK stack or some
other log aggregation in place and adding journal logs will not be too
difficult.

Alec
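The thread's point, that journal output is already JSON and only needs reshaping into "different-looking JSON" before it goes into Elasticsearch, can be shown concretely. The following is an added example, not code from the thread, from logstash, from Elasticsearch or from systemd. It reads the newline-delimited JSON that `journalctl -o json` emits, turns each record into a document with a timestamp and a named severity, and wraps the documents in the action/document line pairs the Elasticsearch Bulk API expects. The journal field names (`MESSAGE`, `PRIORITY`, `_SYSTEMD_UNIT`, `__REALTIME_TIMESTAMP`, and so on) are the real ones; the sample records, the output field names and the index name `journal` are constructed assumptions. Two journal quirks a practitioner hits in practice are handled: a `MESSAGE` that is not valid UTF-8 arrives as an array of byte values rather than a string, and a record may carry no `PRIORITY` at all.

```python
"""Reshape `journalctl -o json` export lines into Elasticsearch bulk documents.

Added example for the mailing-list thread; not code from logstash, Elasticsearch
or systemd.  Journal field names are real; sample records, output field names
and the index name are constructed assumptions.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of journal export output: one JSON object per line.
# Record 2 carries MESSAGE as a byte array (journalctl does this for values that
# are not valid UTF-8); record 3 has no PRIORITY field; the blank line is noise.
SAMPLE_EXPORT = """\
{"__REALTIME_TIMESTAMP":"1414800000123456","_HOSTNAME":"host1","PRIORITY":"6","SYSLOG_IDENTIFIER":"sshd","_PID":"1234","_SYSTEMD_UNIT":"sshd.service","MESSAGE":"Accepted publickey for alice from 192.0.2.10 port 51234 ssh2"}
{"__REALTIME_TIMESTAMP":"1414800001000000","_HOSTNAME":"host1","PRIORITY":"3","_SYSTEMD_UNIT":"nginx.service","MESSAGE":[104,105,255]}

{"__REALTIME_TIMESTAMP":"1414800002500000","_HOSTNAME":"host2","_SYSTEMD_UNIT":"cron.service","MESSAGE":"(root) CMD (run-parts /etc/cron.hourly)"}
"""

# syslog priority numbers as the journal stores them (strings) -> names
PRIORITY_NAMES = {
    "0": "emerg", "1": "alert", "2": "crit", "3": "err",
    "4": "warning", "5": "notice", "6": "info", "7": "debug",
}


def _timestamp(entry):
    """__REALTIME_TIMESTAMP is microseconds since the epoch, as a string.
    Integer arithmetic keeps the microseconds exact (no float rounding)."""
    us = int(entry["__REALTIME_TIMESTAMP"])
    ts = datetime.fromtimestamp(us // 1_000_000, tz=timezone.utc)
    ts += timedelta(microseconds=us % 1_000_000)
    return ts.strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def _message(value):
    """Journal values that are not valid UTF-8 are exported as a list of byte
    values; decode them leniently instead of dropping the record."""
    if isinstance(value, list):
        return bytes(value).decode("utf-8", errors="replace")
    return value


def journal_to_doc(entry):
    """Map one journal record to a flat document (output field names are ours)."""
    return {
        "@timestamp": _timestamp(entry),
        "host": entry.get("_HOSTNAME"),
        "unit": entry.get("_SYSTEMD_UNIT"),
        "program": entry.get("SYSLOG_IDENTIFIER"),
        "pid": int(entry["_PID"]) if "_PID" in entry else None,
        "severity": PRIORITY_NAMES.get(entry.get("PRIORITY"), "unknown"),
        "message": _message(entry.get("MESSAGE", "")),
    }


def parse_journal_export(text):
    """Parse newline-delimited journal JSON; blank lines are skipped, a line
    that is not JSON is reported with its line number rather than silently lost."""
    docs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError as exc:
            raise ValueError(f"line {lineno}: not a journal JSON record: {exc}") from None
        docs.append(journal_to_doc(entry))
    return docs


def to_bulk_body(docs, index="journal"):
    """Build the NDJSON body for the Elasticsearch Bulk API: an action line
    followed by the document line, one pair per document, trailing newline."""
    lines = []
    for doc in docs:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(doc, ensure_ascii=False))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # On a live system the input would come from:  journalctl -o json | python3 this.py
    print(to_bulk_body(parse_journal_export(SAMPLE_EXPORT)), end="")
```

The bulk body this produces is what you would POST to the `_bulk` endpoint; the reshaping is the whole of the "transform" step that logstash performs for plain-text logs, which is why the thread's observation that journal records can go in nearly as-is holds up.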