Yes, it's a slide from nearly 1.5 years ago. After that, we:

- changed to use omkafka + <https://github.com/childe/hangout> instead of
omelasticsearch directly. I gave the reason in another mail days ago.
- rewrote most of mmgrok into mmnormalize+rainerscript, except for the PHP
slowlog. We want to translate the memory address of each line into "xxxxx",
but it seems this can't be done in rsyslog, so there is an mmexternal here.
- tried to use streaming compression with imptcp (between shipper and rsyslog
server); the bandwidth saved was about 2/3. But messages were discarded at
peak every night, so we rolled back.

No experiments with ES5 for now. The author of hangout above told me ES5.0.0
has some terrible problems
(https://github.com/elastic/elasticsearch/issues/21612,
https://github.com/elastic/elasticsearch/issues/21611), so waiting for
upgrade.

2016-11-25 14:58 GMT+08:00 David Lang <[email protected]>:

> reading through the slides, a couple comments.
>
> I've found that queue type FixedArray is slightly (but measurably) faster
> than LinkedList
>
> I suspect that the problems you were running into with slide 52 were the
> json-c threading problems that have now been solved with libjsonfast
>
> I'd be very interested in seeing speed comparisons between lookuptable and
> your mmdblookup
>
> At your log volumes, I expect that creating a string module (sm*, C version
> of a template definition) would make a noticeable performance difference. We
> saw >10% when we changed the default templates to C definitions.
>
> It's a very useful slide deck. How has the 5.x version of ES changed
> things there?
>
> David Lang
>
> On Fri, 25 Nov 2016, chenlin rao wrote:
>
> Date: Fri, 25 Nov 2016 10:46:27 +0800
>> From: chenlin rao <[email protected]>
>> Reply-To: rsyslog-users <[email protected]>
>> To: rsyslog-users <[email protected]>
>> Subject: Re: [rsyslog] Are we building an ERK stack?
>>
>>
>> Re-uploaded an English version. The content was a little old though.
>>
>> 2016-11-23 22:39 GMT+08:00 [email protected] <[email protected]>:
>>
>>
>>> http://www.slideshare.net/chenryn/elk-stack-at-weibocom
>>>
>>> I NEED the English version :P
>>>
>>> _______________________________________________
>>> rsyslog mailing list
>>> http://lists.adiscon.net/mailman/listinfo/rsyslog
>>> http://www.rsyslog.com/professional-services/
>>> What's up with rsyslog? Follow https://twitter.com/rgerhards
>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad
>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you
>>> DON'T LIKE THAT.
>>>
>
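The mmexternal step mentioned in the top message (replacing the memory address at the start of each PHP slowlog line with a fixed token) could look like the following. This is an added example, not the poster's script: the slowlog frame layout, the `[xxxxx]` mask and all function names are assumptions, and the reply format follows mmexternal's interface of one JSON object per message on stdout.

```python
#!/usr/bin/env python3
"""Added example: mmexternal-style filter masking PHP slowlog frame addresses."""
import json
import re
import sys

# Assumed frame layout: "[0x00007f1c2a3b4c58] func() /path/file.php:42".
# Anchoring at line start leaves hex-looking text elsewhere in the frame alone.
FRAME_ADDR = re.compile(r"^([ \t]*)\[0x[0-9a-fA-F]+\]")
MASK = "[xxxxx]"  # assumed token; the thread only says "xxxxx"


def mask_addresses(msg):
    """Return msg with a leading frame address replaced by the mask."""
    return FRAME_ADDR.sub(lambda m: m.group(1) + MASK, msg)


def reply_for(msg):
    """Build the JSON reply: {} means no change, {"msg": ...} overwrites msg."""
    masked = mask_addresses(msg)
    return json.dumps({} if masked == msg else {"msg": masked})


def serve(stdin=sys.stdin, stdout=sys.stdout):
    """Read one message per line and answer each with exactly one reply line."""
    for line in stdin:
        stdout.write(reply_for(line.rstrip("\n")) + "\n")
        stdout.flush()  # rsyslog waits for the reply before sending the next message


# Constructed sample lines, not taken from the thread.
SAMPLE = [
    "[0x00007f1c2a3b4c58] curl_exec() /var/www/lib/http.php:42",
    "[0x00007f1c2a3b4b10] request() /var/www/index.php:10",
    "script_filename = /var/www/index.php",
]

if __name__ == "__main__":
    serve()
```

With the per-process address gone, identical stack frames from different requests become identical strings, so they can be grouped downstream, and raw pointers no longer end up in the search index.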