Charles,

Thanks for sharing the pattern. If my reading is right, this will extract
the entire message line as one string. What I'm looking for is: on top of
extracting the entire message line, also break it into structured fields
automatically.



On Mon, Dec 19, 2016 at 1:59 PM, Charles Allen <charles.al...@metamarkets.com> wrote:

> For what it's worth we use SumoLogic and the magic parsing search looks like
> this:
>
> parse regex field=message "^(?<glog_severity>[IWE])(?<glog_date>[0-9]{4} [0-9:.]*) [0-9]* (?<glog_source_file>[0-9a-zA-Z.]*):(?<glog_source_line>[0-9]*)] (?<glog_message>.*)$"
>
>
>
> On Mon, Dec 19, 2016 at 11:15 AM Joris Van Remoortere <jo...@mesosphere.io> wrote:
>
> > @Zhitao are you looking specifically for structure or just for tagging?
> > glog does already have support for custom tags in the header. I don't know
> > if this is enough for your use case though.
> >
> > —
> > *Joris Van Remoortere*
> > Mesosphere
> >
> > On Mon, Dec 19, 2016 at 9:58 AM, James Peach <jor...@gmail.com> wrote:
> >
> >
> > > On Dec 19, 2016, at 9:43 AM, Zhitao Li <zhitaoli...@gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > I'm looking at how to better utilize ElasticSearch to perform log
> > > analysis for logs from Mesos. It seems like ElasticSearch would generally
> > > work better for structured logging, but Mesos still uses glog thus all logs
> > > produced are old-school unstructured lines.
> > >
> > > I wonder whether anyone has brought the conversation of making Mesos
> > > logs easier to process, or if anyone has experience to share.
> >
> > Are you trying to stitch together sequences of events? In that case, would
> > direct event logging be more useful?
> >
> > J
> >
> >
> >
>



-- 
Cheers,

Zhitao Li
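
One way to get the structured fields asked for above, as an added example that is not part of the original thread: a Python pre-processor that splits glog lines into one JSON document per record and folds continuation lines into the preceding message. The field names, the added F severity, the caller-supplied year (glog headers omit it) and the sample lines are assumptions made for illustration.

```python
import json
import re
from datetime import datetime

# Same shape as the pattern quoted in the thread, in Python syntax.
# Assumptions: F (fatal) is accepted too, and the thread id may be space-padded.
GLOG_RE = re.compile(
    r"^(?P<severity>[IWEF])(?P<date>\d{4} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<thread>\d+) "
    r"(?P<source_file>[^:\s]+):(?P<source_line>\d+)\] (?P<message>.*)$"
)
SEVERITY = {"I": "INFO", "W": "WARNING", "E": "ERROR", "F": "FATAL"}

def parse_glog(lines, year):
    """Yield one dict per glog record. Lines without a glog header are treated
    as continuations of the previous record (stack traces, wrapped output);
    headerless lines before the first record are skipped."""
    record = None
    for raw in lines:
        line = raw.rstrip("\n")
        m = GLOG_RE.match(line)
        if m is None:
            if record is not None:
                record["message"] += "\n" + line
            continue
        if record is not None:
            yield record
        # glog prints mmdd only, so the year has to come from the caller.
        ts = datetime.strptime(f"{year}{m['date']}", "%Y%m%d %H:%M:%S.%f")
        record = {
            "@timestamp": ts.isoformat(),
            "severity": SEVERITY[m["severity"]],
            "thread_id": int(m["thread"]),
            "source_file": m["source_file"],
            "source_line": int(m["source_line"]),
            "message": m["message"],
        }
    if record is not None:
        yield record

def to_ndjson(records):
    """Serialize records as newline-delimited JSON, one document per line."""
    return "\n".join(json.dumps(r, sort_keys=True) for r in records)

# Constructed sample input, not real Mesos output.
SAMPLE = [
    "I1219 13:59:01.123456 12345 master.cpp:1234] Received status update for task t1",
    "W1219 13:59:02.000001 12345 slave.cpp:88] Container exited with output:",
    "  stack line one",
    "E1219 13:59:03.500000    77 http.cpp:9] Request failed: key=value] with bracket",
]

if __name__ == "__main__":
    print(to_ndjson(parse_glog(SAMPLE, 2016)))
```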
