El 04/10/16 a las 20:31, Joe Blow escribió:
<rant>

Regex should be avoided like the plague, at all costs.  If you know your
logs well enough to write a regex for them, why wouldn't you write a
liblognorm rule instead?
Totally agree...(actually, liblognorm is giving me segfaults :P)

I use liblognorm + rsyslog to forward to ES with very little overhead.  If
you like performance and scalability, use liblognorm.
Ok
If you got a free
Logstash T-shirt from a conference you went to, use Logstash.  At the end
of the day rsyslog has a great set of output plugins (mongo, ES, kafka,
etc.) so if you get your output into JSON, you're laughing.  Liblognorm
does this faster/better/stronger than grok.
Almost convinced...I'll love to hear more voices anyway
Thanks a lot

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.

Reply via email to