 |
 |
On 3/19/15 3:53 PM, Jason Stirnaman wrote: > I've been using the ELK (elastic + logstash(1) + kibana)(2) stack for EZProxy log analysis. > Yes, the index can grow really fast with log data, so I have to be selective about what I store. I'm not familiar with the Symphony log format, but Logstash has filters to handle just about any data that you want to parse, including multiline. Maybe for some log entries, you don't need to store the full entry at all but only a few bits or a single tag? > > And because it's Ruby underneath, you can filter using custom Ruby. I use that to do LDAP lookups on user names so we can get department and user-type stats. Hey Jason, Did you have to create customized grok filters for EZProxy logs format? It has been something on my mind and if you've done the work... ;-) Cheers, ./fxk -- Your analyst has you mixed up with another patient. Don't believe a thing he tells you.