Folks,
I urgently need your help in finalizing my logging architecture.
I am almost there in terms of getting rsyslog and elasticsearch up and
running.
I get a performance of 4000 odd messages per second for a short test, but I don't
know if this will sustain for hour-long tests.
So here is what I request you to help me with.
1) rsyslog does not seem to write to elasticsearch when running as a service.
If I run using rsyslogd -nd, it seems to work. Need help in rectifying this.
2) If I use rsyslog, there is only one field ("message") which has the complete log.
If I want to split the log before sending it to elasticsearch or split it after it
reaches elasticsearch, how can I do it?
e.g. my log can be
"ip=1.1.1.1 name=abcd loglevel=3 this is a test message"
I would like to later query based on ip address or name using curl (CLI).
3) What other parameters can I tune to get even better performance?
I might have maxed out in disk inserts, but I would like to tune every possible
parameter before I conclude this is the max I can get.
(I haven't tried bulk_mode yet -- will try shortly)
Thanks a lot for being patient
regards
Mahesh
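As an added example (not part of Mahesh's post or the rsyslog project's own documentation), here is one way to split the "ip=... name=... loglevel=..." prefix into separate Elasticsearch fields before indexing, using rsyslog's mmnormalize module with a liblognorm rulebase plus omelasticsearch in bulk mode. It assumes rsyslog v7 or later with both modules installed, a rulebase at /etc/rsyslog.d/kv.rb, Elasticsearch on localhost:9200, and an index named "syslog" (all assumed values).

```rsyslog
# ---- /etc/rsyslog.d/kv.rb : liblognorm rulebase (assumed path) ----
# One rule matching the key=value prefix; %text:rest% keeps the free text.
#   rule=:ip=%ip:ipv4% name=%name:word% loglevel=%loglevel:number% %text:rest%
# If your MSG arrives with a leading space (common with RFC3164 input),
# put one space after "rule=:" so the rule still matches.
#
# ---- /etc/rsyslog.d/50-elasticsearch.conf ----
module(load="mmnormalize")      # parses MSG against the rulebase into $!ip, $!name, ...
module(load="omelasticsearch")  # Elasticsearch output module

# Run the parser on every message; on a match it sets $parsesuccess to "OK".
action(type="mmnormalize" rulebase="/etc/rsyslog.d/kv.rb")

# JSON document for parsed lines: ip, name, loglevel and text become their own
# fields, and the full original message is kept in "message" as before.
# option.json="on" escapes quotes and backslashes inside string values.
template(name="es-kv" type="list" option.json="on") {
    constant(value="{\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"host\":\"")     property(name="hostname")
    constant(value="\",\"ip\":\"")       property(name="$!ip")
    constant(value="\",\"name\":\"")     property(name="$!name")
    constant(value="\",\"loglevel\":")   property(name="$!loglevel")
    constant(value=",\"text\":\"")       property(name="$!text")
    constant(value="\",\"message\":\"")  property(name="msg")
    constant(value="\"}")
}

# Fallback for lines the rule does not match: index only the raw message so
# a non-matching line never produces broken JSON or a dropped event.
template(name="es-raw" type="list" option.json="on") {
    constant(value="{\"@timestamp\":\"") property(name="timereported" dateFormat="rfc3339")
    constant(value="\",\"host\":\"")     property(name="hostname")
    constant(value="\",\"message\":\"")  property(name="msg")
    constant(value="\"}")
}

# bulkmode="on" batches documents into one HTTP request instead of one per line;
# the in-memory queue decouples log intake from Elasticsearch latency, and
# action.resumeRetryCount="-1" retries forever rather than discarding events
# while Elasticsearch is unreachable.
if $parsesuccess == "OK" then {
    action(type="omelasticsearch" server="localhost" serverport="9200"
           searchIndex="syslog" searchType="events" template="es-kv"
           bulkmode="on" queue.type="linkedlist" queue.size="100000"
           action.resumeRetryCount="-1")
} else {
    action(type="omelasticsearch" server="localhost" serverport="9200"
           searchIndex="syslog" searchType="events" template="es-raw"
           bulkmode="on" queue.type="linkedlist" queue.size="100000"
           action.resumeRetryCount="-1")
}
```

Once indexed this way, a query such as `curl 'localhost:9200/syslog/_search?q=ip:1.1.1.1'` matches on the parsed field rather than on a substring of "message".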
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog