public inbox for gentoo-user@lists.gentoo.org
From: Ralph Seichter <abbot@monksofcool.net>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] aggregate logs into Elasticsearch
Date: Fri, 03 Apr 2020 17:57:56 +0200
Message-ID: <87imigk1dn.fsf@wedjat.horus-it.com>
In-Reply-To: <2dd98a05-88d2-0899-0bcd-f064a5fad9e1@xunil.at>

* Stefan G. Weichinger:

> My goal:
>
> collect logs of postfix, nginx into the docker-containers running ES,
> Kibana .. and learn my way from there.

If you are not dead-set on Elasticsearch et al, I propose considering
MongoDB as an alternative.

There are syslog modules that allow logging into MongoDB directly. On
the DB side, collections (roughly equivalent to tables in relational
databases) can be limited by size or by age, meaning that removing older
data will happen automatically if you so wish.

MongoDB also makes it easy to add data from sources with different data
makeup to shared collections, because there is no rigid table structure.

For analysis, MongoDB includes its own Aggregation Framework[1], which
is very powerful and versatile. While probably not relevant to your
needs right now, it even comes with built-in geolocation search.

  [1] https://docs.mongodb.com/manual/core/aggregation-pipeline/

I think very highly of MongoDB and encourage you to look into it as a
possibility and as an interesting technical concept.

-Ralph

