For what it's worth we use SumoLogic and the magic parsing search looks like
this:

parse regex field=message "^(?<glog_severity>[IWE])(?<glog_date>[0-9]{4} [0-9:.]*) [0-9]* (?<glog_source_file>[0-9a-zA-Z.]*):(?<glog_source_line>[0-9]*)] (?<glog_message>.*)$"



On Mon, Dec 19, 2016 at 11:15 AM Joris Van Remoortere <jo...@mesosphere.io>
wrote:

> @Zhitao are you looking specifically for structure or just for tagging?
> glog does already have support for custom tags in the header. I don't know
> if this is enough for your use case though.
>
> —
> *Joris Van Remoortere*
> Mesosphere
>
> On Mon, Dec 19, 2016 at 9:58 AM, James Peach <jor...@gmail.com> wrote:
>
>
> > On Dec 19, 2016, at 9:43 AM, Zhitao Li <zhitaoli...@gmail.com> wrote:
> >
> > Hi,
> >
> > I'm looking at how to better utilize ElasticSearch to perform log
> analysis for logs from Mesos. It seems like ElasticSearch would generally
> work better for structured logging, but Mesos still uses glog thus all logs
> produced are old-school unstructured lines.
> >
> > I wonder whether anyone has brought the conversation of making Mesos
> logs easier to process, or if anyone has experience to share.
>
> Are you trying to stitch together sequences of events? In that case, would
> direct event logging be more useful?
>
> J
>
>
>
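
The same glog header pattern, as an added example that is not from any poster in this thread: a Python parser that turns glog lines into JSON documents suitable for indexing in ElasticSearch, folding header-less continuation lines into the preceding record. The sample lines, the `parse_glog` and `to_json_lines` names, the `@timestamp` field and the caller-supplied year are assumptions made for the example.

```python
import json
import re
from datetime import datetime

# Adapted from the SumoLogic expression in the thread, same group names.
# Assumed changes: F (fatal) is accepted, the thread id may be space-padded,
# the time must be HH:MM:SS.uuuuuu, and file names may contain "_" and "-".
GLOG_RE = re.compile(
    r"^(?P<glog_severity>[IWEF])"
    r"(?P<glog_date>[0-9]{4} [0-9]{2}:[0-9]{2}:[0-9]{2}\.[0-9]{6}) +[0-9]+ "
    r"(?P<glog_source_file>[0-9a-zA-Z._-]*):(?P<glog_source_line>[0-9]+)\] "
    r"(?P<glog_message>.*)$"
)

# Constructed sample lines in glog layout (not real Mesos output).
SAMPLE = [
    "I1219 09:43:01.123456  4021 master.cpp:2017] Received SUBSCRIBE call",
    "W1219 09:43:02.000001  4021 slave.cpp:5100] Executor terminated",
    "    with status 9",
    "E1219 09:43:03.500000  4022 process.cpp:2105] Failed to accept socket",
]

def parse_glog(lines, year):
    """Yield one dict per glog record. glog headers carry no year, so the
    caller supplies it. Lines without a header (stack traces, wrapped
    output) are appended to the previous record's message."""
    record = None
    for line in lines:
        line = line.rstrip("\n")
        m = GLOG_RE.match(line)
        if m is None:
            if record is not None:
                record["glog_message"] += "\n" + line
            continue
        if record is not None:
            yield record
        record = m.groupdict()
        record["glog_source_line"] = int(record["glog_source_line"])
        stamp = datetime.strptime(f"{year}{record['glog_date']}", "%Y%m%d %H:%M:%S.%f")
        record["@timestamp"] = stamp.isoformat()
    if record is not None:
        yield record

def to_json_lines(lines, year):
    """Render the parsed records as newline-delimited JSON, one per record."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in parse_glog(lines, year))

if __name__ == "__main__":
    print(to_json_lines(SAMPLE, 2016))
```
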
