2016-10-06 10:42 GMT+02:00 [email protected] <[email protected]>: > > > El 04/10/16 a las 20:31, Joe Blow escribió: > >> <rant> >> >> Regex should be avoided like the plague, at all costs. If you know your >> logs well enough to write a regex for them, why wouldn't you write a >> liblognorm rule instead? >> > Totally agree...(actually, liblognorm is giving me segfaults :P)
I'll try to check next week when my current task is done. > > > I use liblognorm + rsyslog to forward to ES with very little overhead. If >> you like performance and scalability, use liblognorm. >> > Ok > >> If you got a free >> Logstash T-shirt from a conference you went to, use Logstash. At the end >> of the day rsyslog has a great set of output plugins (mongo, ES, kafka, >> etc.) so if you get your output into JSON, you're laughing. Liblognorm >> does this faster/better/stronger than grok. >> > Almost convinced...I'll love to hear more voices anyway > Liblognorm is based on work from my MSc Thesis. The thesis paper is currently being processed for upload, I expect it to be available next week. If you'd like to dig down to the details and an explanation why it is faster, the thesis will have it in great detail. I can post a link once it is online. HTH Rainer > Thanks a lot > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

