Charles,

Thanks for sharing the pattern. If my reading is right, this will extract the entire message line as one string. What I'm looking for is: on top of extracting the entire message line, also break it into structured fields automatically.

On Mon, Dec 19, 2016 at 1:59 PM, Charles Allen <charles.al...@metamarkets.com> wrote:

> For what it's worth we use SumoLogic and the magic parsing search looks like this:
>
> parse regex field=message "^(?<glog_severity>[IWE])(?<glog_date>[0-9]{4} [0-9:.]*) [0-9]* (?<glog_source_file>[0-9a-zA-Z.]*):(?<glog_source_line>[0-9]*)] (?<glog_message>.*)$"
>
> On Mon, Dec 19, 2016 at 11:15 AM Joris Van Remoortere <jo...@mesosphere.io> wrote:
>
> > @Zhitao are you looking specifically for structure or just for tagging?
> > glog does already have support for custom tags in the header. I don't know if this is enough for your use case though.
> >
> > —
> > *Joris Van Remoortere*
> > Mesosphere
> >
> > On Mon, Dec 19, 2016 at 9:58 AM, James Peach <jor...@gmail.com> wrote:
> >
> > > > On Dec 19, 2016, at 9:43 AM, Zhitao Li <zhitaoli...@gmail.com> wrote:
> > > >
> > > > Hi,
> > > >
> > > > I'm looking at how to better utilize ElasticSearch to perform log analysis for logs from Mesos. It seems like ElasticSearch would generally work better for structured logging, but Mesos still uses glog thus all logs produced are old-school unstructured lines.
> > > >
> > > > I wonder whether anyone has brought the conversation of making Mesos logs easier to process, or if anyone has experience to share.
> > >
> > > Are you trying to stitch together sequences of events? In that case, would direct event logging be more useful?
> > >
> > > J

--
Cheers,
Zhitao Li