On 11/01/2014 05:47 AM, Rich Freeman wrote:
> On Fri, Oct 31, 2014 at 9:03 PM, Alec Ten Harmsel
> <a...@alectenharmsel.com> wrote:
>> You guys should check out the ELK stack:
>> http://www.elasticsearch.org/overview/
>>
>> Basically, transform logs to JSON with logstash, throw the JSON into
>> elastic search, and make plots with Kibana. We use it at work; it's
>> absolutely fantastic.
>>
> Hmm, as far as I can tell they don't actually have a parser for
> journal logs yet.  With systemd the logs are already available in
> JSON, though I imagine it would be trivial to transform that to a
> different-looking JSON if necessary.

I should have been clearer; logstash is for transforming normal text
logs into JSON. With the systemd-journal logs already being JSON, I'm
sure they could be put straight into elastic search.

>
> I think it just reflects the fact that everybody is playing catch-up.
> Despite originating at Red Hat I suspect that the vast majority of
> those running systemd right now are the sorts of folks who don't run
> enterprise log monitoring suites.  So, the pressure just isn't there
> yet to get all that stuff built.

Agreed. RHEL7 is brand new, I'm sure most people are still running RHEL
6.x and don't have systemd quite yet.

That said, I'm sure plenty of shops already have an ELK stack or some
other log aggregation in place and adding journal logs will not be too
difficult.

Alec
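
The conversion discussed in this thread, as an added example that is not part of the original messages: it turns `journalctl -o json` lines into an Elasticsearch bulk request body. The index name `journal`, the `trusted` sub-object layout and the sample entries are assumptions made for the illustration.

```python
import json
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample of `journalctl -o json` output: one object per line.
SAMPLE = "\n".join(json.dumps(e) for e in [
    {"__CURSOR": "s=constructed;i=1", "__REALTIME_TIMESTAMP": "1414820820123456",
     "_HOSTNAME": "host1", "_SYSTEMD_UNIT": "sshd.service", "_PID": "812",
     "PRIORITY": "6", "MESSAGE": "Accepted publickey for alice"},
    {"__CURSOR": "s=constructed;i=2", "__REALTIME_TIMESTAMP": "1414820821000000",
     "_HOSTNAME": "host1", "_PID": "990", "PRIORITY": "3",
     "MESSAGE": [98, 97, 100, 32, 255]},  # non-UTF-8 payload arrives as byte values
])

def decode_value(value):
    """Turn journald's byte-array form of a non-UTF-8 field back into text."""
    if isinstance(value, list) and value and all(isinstance(b, int) for b in value):
        return bytes(value).decode("utf-8", errors="replace")
    return value  # str, list of str (repeated field) or None (oversized field)

def to_document(entry):
    """Map one journal entry to an index-ready document (layout is hypothetical)."""
    doc = {"trusted": {}}
    for key, value in entry.items():
        if key.startswith("__"):  # address fields: cursor and timestamps
            continue
        if key.startswith("_"):  # set by journald itself, not by the logging process
            doc["trusted"][key[1:]] = decode_value(value)
        else:  # supplied by the logging process, so kept apart from trusted data
            doc[key] = decode_value(value)
    usec = int(entry["__REALTIME_TIMESTAMP"])  # microseconds since the epoch
    doc["@timestamp"] = (EPOCH + timedelta(microseconds=usec)).isoformat()
    if doc.get("PRIORITY") in list("01234567"):
        doc["PRIORITY"] = int(doc["PRIORITY"])  # numeric, so range queries work
    return doc

def to_bulk(journal_json, index="journal"):
    """Build an Elasticsearch bulk request body (NDJSON) from journal lines."""
    out = []
    for line in filter(str.strip, journal_json.splitlines()):
        entry = json.loads(line)
        # Cursor as _id: re-sending the same entry overwrites, never duplicates.
        out.append(json.dumps({"index": {"_index": index, "_id": entry["__CURSOR"]}}))
        out.append(json.dumps(to_document(entry)))
    return "\n".join(out) + "\n"  # the bulk API requires a trailing newline
```

Keeping the underscore-prefixed fields under their own key preserves the distinction between what journald recorded about the sender and what the sender claimed about itself.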
