On Fri, Oct 31, 2014 at 9:03 PM, Alec Ten Harmsel <a...@alectenharmsel.com> wrote:
>
> You guys should check out the ELK stack:
> http://www.elasticsearch.org/overview/
>
> Basically, transform logs to JSON with logstash, throw the JSON into
> elastic search, and make plots with Kibana. We use it at work; it's
> absolutely fantastic.
>

Hmm, as far as I can tell they don't actually have a parser for journal logs yet. With systemd the logs are already available in JSON, though I imagine it would be trivial to transform that to a different-looking JSON if necessary.

I think it just reflects the fact that everybody is playing catch-up. Despite originating at Red Hat I suspect that the vast majority of those running systemd right now are the sorts of folks who don't run enterprise log monitoring suites. So, the pressure just isn't there yet to get all that stuff built.

--
Rich
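
Added example, not part of the original thread and not code from either poster: a sketch of the transformation discussed above, turning lines of `journalctl -o json` output into flat JSON events that a log pipeline can index. The output key names and the sample entries are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# syslog severity names indexed by journald's PRIORITY value (0-7)
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def _text(value):
    """Return a journald JSON field as str, or None if it was elided."""
    if value is None:  # journalctl writes null for fields it considers too large
        return None
    if isinstance(value, list):
        if all(isinstance(b, int) for b in value):
            # binary / non-UTF-8 data is exported as an array of byte values
            return bytes(value).decode("utf-8", errors="replace")
        # a field that occurs more than once is exported as an array
        return " ".join(_text(v) or "" for v in value)
    return str(value)

def journal_to_event(line):
    """Map one line of `journalctl -o json` to a flat event dict.

    Output key names are an assumption for this example, not a fixed schema.
    """
    entry = json.loads(line)
    usec = int(entry["__REALTIME_TIMESTAMP"])  # microseconds since the epoch
    ts = datetime.fromtimestamp(usec // 1_000_000, tz=timezone.utc)
    pri = _text(entry.get("PRIORITY"))
    return {
        "@timestamp": ts.strftime("%Y-%m-%dT%H:%M:%S") + f".{usec % 1_000_000 // 1000:03d}Z",
        "host": _text(entry.get("_HOSTNAME")),
        "program": _text(entry.get("SYSLOG_IDENTIFIER")),
        "severity": SEVERITY[int(pri)] if pri in tuple("01234567") else None,
        "message": _text(entry.get("MESSAGE")),
    }

# Constructed sample entries (not taken from a real system)
SAMPLES = [
    '{"__REALTIME_TIMESTAMP":"1414789380123456","_HOSTNAME":"web01",'
    '"SYSLOG_IDENTIFIER":"sshd","PRIORITY":"6","MESSAGE":"Accepted publickey for deploy"}',
    '{"__REALTIME_TIMESTAMP":"1414789381000000","_HOSTNAME":"web01",'
    '"SYSLOG_IDENTIFIER":"app","PRIORITY":"3","MESSAGE":[102,97,105,108,255]}',
    '{"__REALTIME_TIMESTAMP":"1414789382500000","_HOSTNAME":"web01","MESSAGE":null}',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(json.dumps(journal_to_event(sample)))
```

Decoding byte-array messages with replacement characters keeps entries that carry non-UTF-8 payloads in the index instead of failing the whole record.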