It can't for the cases I'm using it for. I have extremely complex legacy event formatting that mmnormalize can't parse out completely (I've talked on the list about it in the past).
FWIW I'm in the process of phasing out the legacy formatting for this exact reason. The logstash filters are crazy complex and we will be moving towards a 100% CEE formatted event injection model to eliminate the necessity for it.

-- Gary F.

On May 29, 2013, at 10:14 AM, David Lang <[email protected]> wrote:

> Thanks for all the info so far.
>
> What is it that you need to use logstash for?
>
> I'm wondering if rsyslog could satisfy the need using mmnormalize.
>
> David Lang
>
> On Wed, 29 May 2013, Gary Foster wrote:
>
>> Except splunk has extensive indexing and routing capabilities with a search
>> interface on for good measure. It would be more accurate to say kibana +
>> logstash is roughly == splunk
>>
>> -- Gary F.
>>
>> On May 29, 2013, at 11:02 AM, Josh Bitto <[email protected]> wrote:
>>
>>> Kibana is comparable (kinda) to splunk. It's just a configurable interface
>>> for logstash and elastic search.
>>>
>>> -----Original Message-----
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of David Lang
>>> Sent: Wednesday, May 29, 2013 9:54 AM
>>> To: rsyslog-users
>>> Subject: Re: [rsyslog] Rsyslog 7.2.7 and Kibana 3
>>>
>>> I haven't heard of Kibana before, can you provide a link to it?
>>>
>>> How does it interact with rsyslog, does it access elasticsearch, reading
>>> the data that rsyslog wrote?
>>>
>>> If this is the case, your best bet is probably to see what Kibana is
>>> expecting the data to look like and then modify the template on rsyslog to
>>> put the data in that format.
>>>
>>> David Lang
>>>
>>> On Wed, 29 May 2013, Jason A. Johnson wrote:
>>>
>>>> Hello,
>>>>
>>>> I'm currently working on a central logging solution which seems to be
>>>> working great. Rsyslog forwarding logs to the central logging server
>>>> which has been upgraded to version 7.2.7 and elasticsearch storing the
>>>> logs. Searching elasticsearch I can see that logs are being sent/stored.
>>>> However I would like to get the frontend working which is kibana 3.
>>>> I'm wondering if anyone has been able to get kibana 3 working with
>>>> rsyslog or could point me in the direction of what I would need to
>>>> change on the kibana side to have the logs visible. Logstash settings are
>>>> the default for kibana so it works out of the box. I have looked at
>>>> the defaults for kibana and the only difference I can see that needs
>>>> to be updated is the timestamps defaults index:
>>>>
>>>> "index": "[logstash-]YYYY.MM.DD" I have changed that to "system" which
>>>> is what shows up in elasticsearch when logs are forwarded from rsyslog
>>>> to be stored. However no logs are being displayed in kibana.
>>>>
>>>> If someone has any idea what I'm missing would be helpful.
>>>> Thank You,
>>>> Jason
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
> sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
> LIKE THAT.
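An rsyslog configuration along the lines David Lang suggests (shape the document the way Kibana 3 expects instead of changing Kibana's index setting to "system"), added here as an example and not posted by anyone in the thread. It assumes rsyslog 7.2 RainerScript syntax with omelasticsearch available, elasticsearch listening on localhost:9200, and Kibana 3's default index pattern `[logstash-]YYYY.MM.DD` with `@timestamp` as the time field; the field names other than `@timestamp` are my own choice.

```rsyslog
# Added example, not from the mailing-list thread. Assumes rsyslog >= 7.2
# (RainerScript template()/action() syntax), omelasticsearch installed and
# elasticsearch reachable on localhost:9200.
module(load="omelasticsearch")

# Index name in the form Kibana 3 looks for by default: logstash-YYYY.MM.DD.
# The RFC 3339 timestamp reads "2013-05-29T10:14:00+02:00"; positions 1-4,
# 6-7 and 9-10 are year, month and day. Using timereported (the timestamp
# in the message) keeps late-arriving events in the index of their own day.
template(name="logstash-index" type="list") {
    constant(value="logstash-")
    property(name="timereported" dateFormat="rfc3339" position.from="1" position.to="4")
    constant(value=".")
    property(name="timereported" dateFormat="rfc3339" position.from="6" position.to="7")
    constant(value=".")
    property(name="timereported" dateFormat="rfc3339" position.from="9" position.to="10")
}

# One flat JSON document per syslog message. "@timestamp" is the field the
# default Kibana 3 dashboard sorts and histograms on. format="json" escapes
# quotes and control characters in fields a remote sender controls (hostname,
# tag, program, message) so a crafted log line cannot break out of the
# document structure or inject extra fields.
template(name="logstash-json" type="list") {
    constant(value="{")
    constant(value="\"@timestamp\":\"")   property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"host\":\"")      property(name="hostname" format="json")
    constant(value="\",\"severity\":\"")  property(name="syslogseverity-text")
    constant(value="\",\"facility\":\"")  property(name="syslogfacility-text")
    constant(value="\",\"program\":\"")   property(name="programname" format="json")
    constant(value="\",\"tag\":\"")       property(name="syslogtag" format="json")
    constant(value="\",\"message\":\"")   property(name="msg" format="json")
    constant(value="\"}")
}

# Ship every message to elasticsearch, one index per day, in bulk.
action(type="omelasticsearch"
       server="localhost" serverport="9200"
       template="logstash-json"
       searchIndex="logstash-index" dynSearchIndex="on"
       searchType="syslog"
       bulkmode="on")
```

With this in place Kibana 3 can be left at its default `[logstash-]YYYY.MM.DD` index setting. If you prefer to keep writing to a single "system" index, the Kibana index setting is the right thing to change, but the documents still need a `@timestamp` field (or the timestamp field name must be changed in the dashboard) before anything shows up. A quick check from the rsyslog host is to query the day's index directly, for example `curl -s 'http://localhost:9200/logstash-2013.05.29/_search?size=1&pretty'`, and confirm that the returned `_source` carries `@timestamp` in RFC 3339 form.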

