On Sat, Nov 1, 2014 at 5:47 AM, Rich Freeman <ri...@gentoo.org> wrote:
> On Fri, Oct 31, 2014 at 9:03 PM, Alec Ten Harmsel
> <a...@alectenharmsel.com> wrote:
>>
>> You guys should check out the ELK stack:
>> http://www.elasticsearch.org/overview/
>>
>> Basically, transform logs to JSON with logstash, throw the JSON into
>> elastic search, and make plots with Kibana. We use it at work; it's
>> absolutely fantastic.
>
> Hmm, as far as I can tell they don't actually have a parser for
> journal logs yet. With systemd the logs are already available in
> JSON, though I imagine it would be trivial to transform that to a
> different-looking JSON if necessary.
>
> I think it just reflects the fact that everybody is playing catch-up.
> Despite originating at Red Hat I suspect that the vast majority of
> those running systemd right now are the sorts of folks who don't run
> enterprise log monitoring suites. So, the pressure just isn't there
> yet to get all that stuff built.

I suspect that "full" journald adoption and tweaking will come from small(er), more nimble, less conservative organizations. We'll be rolling out RHEL7 next year and we'll have "Storage=volatile"; we've asked former colleagues at other banks and they've said that they're planning the same.
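
Added example, not part of the original thread and not code from systemd or the ELK project: a sketch of the journal-JSON-to-"different-looking JSON" transform discussed above, reading lines in the shape `journalctl -o json` emits and producing a Logstash-style event. The output field names other than `@timestamp` (`host`, `program`, `pid`, `unit`, `severity`) and the sample entries are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample lines in the shape `journalctl -o json` emits: one JSON
# object per line, every value a string, non-UTF-8 payloads as byte arrays.
SAMPLE = [
    '{"__REALTIME_TIMESTAMP":"1414835220123456","_HOSTNAME":"host1",'
    '"PRIORITY":"6","SYSLOG_IDENTIFIER":"sshd","_PID":"812",'
    '"_SYSTEMD_UNIT":"sshd.service","MESSAGE":"Accepted publickey for alice"}',
    '{"__REALTIME_TIMESTAMP":"1414835221000000","_HOSTNAME":"host1",'
    '"PRIORITY":"3","SYSLOG_IDENTIFIER":"app","MESSAGE":[98,97,100,32,255]}',
]

SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def decode_field(value):
    """Return text for a journal field: str, byte array, or None (oversized)."""
    if isinstance(value, list) and all(isinstance(b, int) for b in value):
        return bytes(value).decode("utf-8", errors="replace")
    if isinstance(value, list):  # field repeated within one entry
        return " ".join(decode_field(v) or "" for v in value)
    return value


def to_event(line):
    """Map one journal JSON line to a Logstash-style event dict."""
    entry = json.loads(line)
    usec = int(entry["__REALTIME_TIMESTAMP"])  # microseconds since epoch, UTC
    ts = datetime.fromtimestamp(usec // 1_000_000, tz=timezone.utc)
    ts = ts.replace(microsecond=usec % 1_000_000)
    prio = entry.get("PRIORITY")
    event = {
        "@timestamp": ts.isoformat(timespec="milliseconds").replace("+00:00", "Z"),
        "host": entry.get("_HOSTNAME"),
        "program": decode_field(entry.get("SYSLOG_IDENTIFIER")),
        "pid": int(entry["_PID"]) if "_PID" in entry else None,
        "unit": entry.get("_SYSTEMD_UNIT"),
        "severity": SEVERITY[int(prio)] if prio in list("01234567") else None,
        "message": decode_field(entry.get("MESSAGE")),
    }
    return {k: v for k, v in event.items() if v is not None}


if __name__ == "__main__":
    for raw in SAMPLE:
        print(json.dumps(to_event(raw)))
```

Fields whose names start with an underscore are set by journald itself rather than by the logging process, which is why the example takes host, PID and unit from those and treats MESSAGE and SYSLOG_IDENTIFIER as client-supplied text to be decoded.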