Big fan of the ELK stack. We're in the process of implementing it here. You
should be able to get the cohesion across files by tagging or custom
fields. It depends on what your source data looks like and I'm not very
familiar with Asterisk or its logs.
Also, don't underestimate the value of using Logstash as a stand-alone log
file parser. It doesn't have to send data into Elasticsearch. I've used it
on several occasions to parse out CSV and other data quickly. It's a great
little tool. The other benefit is that you can reuse the filters you write
later for a more robust and complete ELK solution. Iterative design!
-Derek


On Thu, Mar 31, 2016 at 11:54 AM, Ski Kacoroski <kacoro...@gmail.com> wrote:

> Ditto on Splunk.  If you work for a non-profit or education they have a
> nice discount.
>
> cheers,
>
> ski
>
> On 03/31/2016 06:43 AM, Graham Dunn wrote:
>
>> I've found a small ELK stack reasonable (Kibana is pretty useful for
>> finding stuff), but it needs to be monitored lots (i.e., logstash will stop
>> working for no reason, same with elasticsearch). TBH, Splunk is very
>> very good at this and easy to set up. It *can* be expensive, but if it's
>> worth money to you to know about things, I'd look into it as well.
>>
>> On Thu, Mar 31, 2016 at 6:46 AM, Simon Lyall <si...@darkmere.gen.nz
>> <mailto:si...@darkmere.gen.nz>> wrote:
>>
>>     I'm looking for a tool that might handle this nicely.
>>
>>     I have some asterisk log files that are generated by daemontools'
>>     multilog. The problem is that daemontools rotates logs every few
>>     minutes at the volumes I do so a single call can be scattered across
>>     several files. Total files might be a few GB.
>>
>>     Does anyone know a good tool that lets us search across multiple
>>     files for strings and display them (along with nearby lines)? The
>>     basic requirements are to trace a problem call by finding a number
>>     or call id and jumping around checking the 10 lines or so on each
>>     side of it.
>>
>>     What I've looked at so far:
>>
>>     * The team currently uses vi, which doesn't support multiple files well.
>>
>>     * I had a look at using multiple search in less, but this was pretty
>>        slow and didn't seem to work nicely.
>>
>>     * logstash and Elasticsearch would probably be the longer-term option,
>>        although there doesn't seem to be a good built-in asterisk filter
>>        for grok.
>>
>>     * lnav ( http://lnav.org/ ) looks nice but doesn't have support for
>>        multilog format and doesn't appear to actually search multiple
>>        generations of files.
>>
>>
>>     --
>>     Simon Lyall  |  Very Busy  |  Web: http://www.simonlyall.com/
>>     "To stay awake all night adds a day to your life" - Stilgar
>>
>>     _______________________________________________
>>     Tech mailing list
>>     Tech@lists.lopsa.org <mailto:Tech@lists.lopsa.org>
>>     https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
>>     This list provided by the League of Professional System Administrators
>>     http://lopsa.org/
>>
>>
>>
>>
> --
> "When we try to pick out anything by itself, we find it
>   connected to the entire universe"            John Muir
>
> Chris "Ski" Kacoroski, kacoro...@gmail.com, 206-501-9803
> or ski98033 on most IM services
>
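As an added illustration for this thread (my own script, not a tool any of the posters mentioned): Simon's problem is that one call's lines end up scattered across several multilog generations, so a grep-with-context has to treat the rotated files as a single stream. The script below assumes the standard daemontools layout (rotated generations named `@<tai64n>.s`, the live file named `current`, each line prefixed with a `@tai64n` timestamp) and Asterisk-style lines carrying a call id such as `C-00000042`; the sample log data it writes to a temp directory is constructed for the demo. It decodes the TAI64N prefix (ignoring the TAI/UTC leap-second offset, an assumption), orders the generations oldest-first, and returns every line matching the call id plus N lines of context on either side, including windows that straddle a file boundary. It also doubles as the kind of stand-alone parser Derek describes, since nothing here depends on Elasticsearch.

```python
"""Grep-with-context across daemontools multilog generations (added example).

Not a tool from the original thread. Assumes the multilog layout
(@<tai64n>.s rotated generations plus 'current') and lines that carry an
Asterisk call id like C-00000042. Sample data below is constructed."""
import os
import re
import tempfile
from datetime import datetime, timedelta, timezone

TAI64_EPOCH = 1 << 62   # TAI64 label of the Unix epoch (assumption: leap seconds ignored)
TAI64N_RE = re.compile(r"^@([0-9a-f]{16})([0-9a-f]{8}) ?(.*)$")


def tai64n_label(unix_secs, nanos=0):
    """Encode a Unix time as the @tai64n prefix multilog writes (8 bytes secs + 4 bytes ns)."""
    return "@%016x%08x" % (TAI64_EPOCH + unix_secs, nanos)


def decode_tai64n(line):
    """Split one multilog line into (UTC datetime or None, message text)."""
    m = TAI64N_RE.match(line)
    if not m:
        return None, line
    secs = int(m.group(1), 16) - TAI64_EPOCH
    micros = int(m.group(2), 16) // 1000
    ts = datetime.fromtimestamp(secs, tz=timezone.utc) + timedelta(microseconds=micros)
    return ts, m.group(3)


def ordered_log_files(logdir):
    """Rotated generations sort oldest-first by their @tai64n name; 'current' is newest.
    multilog's 'lock' and 'state' files are skipped by the name filter."""
    rotated = sorted(n for n in os.listdir(logdir)
                     if n.startswith("@") and n.endswith((".s", ".u")))
    if os.path.exists(os.path.join(logdir, "current")):
        rotated.append("current")
    return [os.path.join(logdir, n) for n in rotated]


def search_with_context(files, needle, context=10):
    """Treat all generations as one stream and return (file, line_no, timestamp,
    text, is_hit) tuples for every matching line plus `context` lines on each
    side, even when the window crosses a file boundary."""
    stream = []
    for path in files:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for n, raw in enumerate(fh, 1):
                ts, text = decode_tai64n(raw.rstrip("\n"))
                stream.append((os.path.basename(path), n, ts, text))
    hits = {i for i, entry in enumerate(stream) if needle in entry[3]}
    keep = set()
    for i in hits:
        keep.update(range(max(0, i - context), min(len(stream), i + context + 1)))
    return [stream[i] + (i in hits,) for i in sorted(keep)]


def build_sample_logdir():
    """Write three constructed multilog generations (6 lines each) to a temp dir.
    Call C-00000042 appears once in each file so a trace has to span all three."""
    base = 1459428650                                   # 2016-03-31T12:50:50Z
    lines = []
    for i in range(18):
        call = "C-00000042" if i in (4, 7, 12) else "C-00000041"
        lines.append("%s VERBOSE[%d][%s] pbx.c: Executing [s@default:%d] NoOp(\"step %d\")"
                     % (tai64n_label(base + i), 1000 + i, call, i, i))
    logdir = tempfile.mkdtemp(prefix="multilog-")
    # rotated files are named after the time of rotation; 'current' holds the newest lines
    names = [tai64n_label(base + 6) + ".s", tai64n_label(base + 12) + ".s", "current"]
    for name, chunk in zip(names, (lines[0:6], lines[6:12], lines[12:18])):
        with open(os.path.join(logdir, name), "w", encoding="utf-8") as fh:
            fh.write("\n".join(chunk) + "\n")
    return logdir


if __name__ == "__main__":
    logdir = build_sample_logdir()
    for fname, n, ts, text, hit in search_with_context(
            ordered_log_files(logdir), "C-00000042", context=2):
        print("%s %s:%d %s %s" % (">" if hit else " ", fname, n,
                                  ts.strftime("%H:%M:%S.%f"), text))
```

Point `ordered_log_files` at the real multilog directory and replace the needle with the number or call id being traced; `context=10` gives the ten-lines-each-side view Simon asked for. Because every generation is loaded into one in-memory list, a few GB of logs would call for streaming with a bounded deque instead, but the cross-file windowing logic stays the same.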