On Wed, 6 Apr 2016, Giulio Vaccari wrote:
> By the way, I must use logstash because I must parse logs from many OSes, some of them quite old, so in many cases I must grok the logs using logstash.
rsyslog has mmnormalize, which is far faster at parsing logs than grok filters, and current versions have an mmgrok module that lets you use grok parsers in rsyslog.
David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog

