Gentoo Archives: gentoo-user

From: Alec Ten Harmsel <alec@××××××××××××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] alternative kernels
Date: Sat, 01 Nov 2014 15:50:55
Message-Id: 54550154.4080408@alectenharmsel.com
In Reply to: Re: [gentoo-user] alternative kernels by Rich Freeman
On 11/01/2014 05:47 AM, Rich Freeman wrote:
> On Fri, Oct 31, 2014 at 9:03 PM, Alec Ten Harmsel
> <alec@××××××××××××××.com> wrote:
>> You guys should check out the ELK stack:
>> http://www.elasticsearch.org/overview/
>>
>> Basically, transform logs to JSON with logstash, throw the JSON into
>> elastic search, and make plots with Kibana. We use it at work; it's
>> absolutely fantastic.
>>
> Hmm, as far as I can tell they don't actually have a parser for
> journal logs yet. With systemd the logs are already available in
> JSON, though I imagine it would be trivial to transform that to a
> different-looking JSON if necessary.

I should have been clearer; logstash is for transforming normal text
logs into JSON. With the systemd-journal logs already being JSON, I'm
sure they could be put straight into elastic search.

>
> I think it just reflects the fact that everybody is playing catch-up.
> Despite originating at Red Hat I suspect that the vast majority of
> those running systemd right now are the sorts of folks who don't run
> enterprise log monitoring suites. So, the pressure just isn't there
> yet to get all that stuff built.

Agreed. RHEL7 is brand new, I'm sure most people are still running RHEL
6.x and don't have systemd quite yet.

That said, I'm sure plenty of shops already have an ELK stack or some
other log aggregation in place and adding journal logs will not be too
difficult.

Alec
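
Added example, not part of the original message or of any ELK tooling: a sketch of the small transform the thread alludes to, turning `journalctl -o json` lines into an Elasticsearch `_bulk` request body. The index name `journal`, the `@timestamp` field, the use of the journal cursor as `_id`, and the sample entries are assumptions made for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample of `journalctl -o json` output: one JSON object per line.
SAMPLE_JOURNAL = "\n".join([
    json.dumps({"__CURSOR": "s=aa;i=1", "__REALTIME_TIMESTAMP": "1414857055000000",
                "_HOSTNAME": "host1", "_PID": "812", "PRIORITY": "6",
                "SYSLOG_IDENTIFIER": "sshd", "MESSAGE": "Accepted publickey for alec"}),
    json.dumps({"__CURSOR": "s=aa;i=2", "__REALTIME_TIMESTAMP": "1414857056500000",
                "_HOSTNAME": "host1", "_PID": "901", "PRIORITY": "3",
                "SYSLOG_IDENTIFIER": "app", "MESSAGE": [98, 97, 100, 255]}),
    "{truncated line",
])
INT_FIELDS = ("PRIORITY", "_PID", "_UID", "_GID")  # exported by journald as strings

def normalize(entry):
    """Turn one journal export object into a document ready for indexing."""
    doc = {}
    for key, value in entry.items():
        if key.startswith("__"):   # address fields (cursor, timestamps), handled below
            continue
        if isinstance(value, list) and all(isinstance(b, int) for b in value):
            # journald encodes non-UTF-8 field values as arrays of byte values
            value = bytes(value).decode("utf-8", errors="replace")
        # Names are kept as-is: a leading "_" marks fields set by journald itself
        # rather than by the logging client, which matters when triaging events.
        doc[key] = value
    for key in INT_FIELDS:
        if isinstance(doc.get(key), str) and doc[key].isdigit():
            doc[key] = int(doc[key])
    usec = int(entry["__REALTIME_TIMESTAMP"])  # microseconds since the epoch
    stamp = datetime.fromtimestamp(usec // 10**6, tz=timezone.utc)
    doc["@timestamp"] = stamp.replace(microsecond=usec % 10**6).isoformat()
    return doc

def to_bulk(journal_text, index="journal"):
    """Return (bulk_body, skipped_lines) for the Elasticsearch _bulk API."""
    out, skipped = [], 0
    for line in journal_text.splitlines():
        try:
            entry = json.loads(line)
            doc = normalize(entry)
            action = {"index": {"_index": index, "_id": entry["__CURSOR"]}}
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1           # count malformed lines rather than hide them
            continue
        # Cursor as _id (an assumption of this sketch) makes re-sending idempotent.
        out.append(json.dumps(action))
        out.append(json.dumps(doc))
    return "\n".join(out) + "\n", skipped
```

The returned body is newline-delimited JSON with an action line before each document, which is the shape the `_bulk` endpoint expects; a non-zero skipped count is worth alerting on, since silently dropped log lines are a gap in the audit trail.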