El 04/10/16 a las 20:31, Joe Blow escribió:
<rant> Regex should be avoided like the plague, at all costs. If you know your logs well enough to write a regex for them, why wouldn't you write a liblognorm rule instead?
Totally agree...(actually, liblognorm is giving me segfaults :P)
I use liblognorm + rsyslog to forward to ES with very little overhead. If you like performance and scalability, use liblognorm.
Ok
If you got a free Logstash T-shirt from a conference you went to, use Logstash. At the end of the day rsyslog has a great set of output plugins (mongo, ES, kafka, etc.) so if you get your output into JSON, you're laughing. Liblognorm does this faster/better/stronger than grok.
Almost convinced...I'll love to hear more voices anyway Thanks a lot _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

