From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id C5107138825 for ; Sat, 1 Nov 2014 15:50:55 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id F3F79E0949; Sat, 1 Nov 2014 15:50:47 +0000 (UTC) Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id CE0AFE091D for ; Sat, 1 Nov 2014 15:50:46 +0000 (UTC) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.nyi.internal (Postfix) with ESMTP id 3A6C2204C8 for ; Sat, 1 Nov 2014 11:50:46 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute3.internal (MEProxy); Sat, 01 Nov 2014 11:50:46 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=x-sasl-enc:message-id:date:from :mime-version:to:subject:references:in-reply-to:content-type :content-transfer-encoding; s=smtpout; bh=1gASBpaGgg5ErLXzMlHFbq 56pHA=; b=APQBngEssHJS4TwF9iN8VRPjiTb1oOUujaUEST/LeCX5pHV6+zphUb p+N482UU3k5SXd9t5+Y/U5Mf14l3pE9N/vpCQl7ZaXJGE/xVCxUm6Z+Csa47Rj0Q pCNLOMd8I0auBJColknHEMpZ2FeHewcp+ceDkO+EkKWazMCE+vvxE= X-Sasl-enc: j70Fqk5X3kW6NcEMB/U+QhvnGkm2ovafWDoLOaxJrkAJ 1414857046 Received: from [192.168.1.15] (unknown [73.2.142.203]) by mail.messagingengine.com (Postfix) with ESMTPA id EF97AC00006 for ; Sat, 1 Nov 2014 11:50:45 -0400 (EDT) Message-ID: <54550154.4080408@alectenharmsel.com> Date: Sat, 01 Nov 2014 11:50:44 -0400 From: Alec Ten Harmsel User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] alternative kernels References: <1721456.cxhDToZz1Z@andromeda> <5707050.LYlfBLMIFp@andromeda> <54543167.8020705@alectenharmsel.com> In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-Archives-Salt: 19e6e685-243e-4ace-ace3-dd7970558838 X-Archives-Hash: deca3e9af5099b10bb63876d6729e40e On 11/01/2014 05:47 AM, Rich Freeman wrote: > On Fri, Oct 31, 2014 at 9:03 PM, Alec Ten Harmsel > wrote: >> You guys should check out the ELK stack: >> http://www.elasticsearch.org/overview/ >> >> Basically, transform logs to JSON with logstash, throw the JSON into >> elastic search, and make plots with Kibana. We use it at work; it's >> absolutely fantastic. >> > Hmm, as far as I can tell they don't actually have a parser for > journal logs yet. With systemd the logs are already available in > JSON, though I imagine it would be trivial to transform that to a > different-looking JSON if necessary. I should have been clearer; logstash is for transforming normal text logs into JSON. With the systemd-journal logs already being JSON, I'm sure they could be put straight into elastic search. > > I think it just reflects the fact that everybody is playing catch-up. > Despite originating at Red Hat I suspect that the vast majority of > those running systemd right now are the sorts of folks who don't run > enterprise log monitoring suites. So, the pressure just isn't there > yet to get all that stuff built. Agreed. RHEL7 is brand new, I'm sure most people are still running RHEL 6.x and don't have systemd quite yet. That said, I'm sure plenty of shops already have an ELK stack or some other log aggregation in place and adding journal logs will not be too difficult. Alec