Hi again, I want to inform you all that the search within phpLogCon has been extended to support full and partial searches in Version 2.5.3, available for download here: http://www.phplogcon.org/downloads
I first tests have shown, that filtering by hostname and other string based fields performs much better on database sources now. You can use the submenu buttons on each field within the messages view to perform such a search. If you want to do manual searches, it is very simple. Here is a sample: Search for a full hostname: source:=SERVERNAME (Will only find if the match is 100% = SERVERNAME) Search for a partial hostname source:SERVER (Willmatch if the hostname is SERVER or SERVERNAME). I hope this helps, Best regards, Andre Lorbach > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:rsyslog- > [EMAIL PROTECTED] On Behalf Of Andre Lorbach > Sent: Thursday, July 31, 2008 10:15 AM > To: rsyslog-users > Subject: Re: [rsyslog] tips for managing data > > Hi, > > the like query can indeed have quiet an impact on performance when doing > queries on large databases. > But I think we can expand the syntax, so you can either search by part > of a string (LIKE '%search%') or the whole string (= 'search'). This > should be rather easy to implement. I will put this on my todolist, if > it is as easy as I think, the next minor update of the devel branch will > contain this new feature. > > Best regards, > Andre Lorbach > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:rsyslog- > > [EMAIL PROTECTED] On Behalf Of Rory Toma > > Sent: Thursday, July 31, 2008 4:10 AM > > To: rsyslog-users > > Subject: Re: [rsyslog] tips for managing data > > > > OK, so it seems that doing a query from the query line does a LIKE, > > which can take significantly longer (sample query 8 seconds vs. 50 > msecs...) > > > > So, replacing the LIKE % in logstreamdb.class.db with an = speeds > things > > up quite a but, but I lose some flexibility. Is there some kind of > > search syntax where I can differentiate between LIKE and =? > > > > If not, I'm thinking something like: > > > > source:foo.bar.com # would be using = > > > > ~source:foo # would be using LIKE > > > > > > > > Rory Toma wrote: > > > So, my current mysql rsyslog drops about 20 million rows of data per > day. > > > > > > Over time, this gets slow as tables grow. > > > > > > I'm not a dba, so I was wondering if anyone had some suggestions for > > > keeping performance still on the order of seconds, and not minutes > or hours. > > > > > > thx > > > > > > I did add a key for EventSource, as that is commonly searched. > However, > > > using PhpLogCon, it seems that if I search using the web interface > (i.e. > > > I click on a host entry and hit the available searches) it is > relatively > > > quick. However, changing the text field that is generated and > hitting > > > the "search" button is slow. Do these two methods use the same > query, or > > > is something else going on? > > > > > > thx > > > _______________________________________________ > > > rsyslog mailing list > > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > > > > > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog
