ppkarwasz commented on issue #3435: URL: https://github.com/apache/logging-log4j2/issues/3435#issuecomment-2637709454
@amosshi, > ### Background > > When a log string contains `key=value` format, in modern log search tool, like [Splunk](https://www.splunk.com/) or [ELK](https://www.elastic.co/): > > * The `key` will become a searchable field > * The `value` become the value of the corresponding key, and we can do visualization easily > > … > > ### Benefits > > * The format will be more log search tool friendly Sorry, but I do not believe this is a valid concern. The `PatternLayout` is **not** a structured layout and most patterns do not give something that can be parsed by regular expressions. For example: * The `%d{yyyy-MM-dd'T'HH:mm:ss} %enc{%m}{CRLF}%n%replace{%ex}{\r?\n}{\n }` pattern can be parsed unambiguously into a timestamp, message and exception. * The `%d %t %m%n` pattern can no longer be parsed, since you don't know which space ` ` character is part of the thread name and which one is part of the message. Besides, if you couple it with the ELK parser, you application will have a CRLF injection vulnerability. If you want the output of Log4j Core to be machine-readable, use a **structured** layout such as [JSON Template Layout](https://logging.apache.org/log4j/2.x/manual/json-template-layout.html) or [RFC 5424 Layout](https://logging.apache.org/log4j/2.x/manual/layouts.html#RFC5424Layout) and parse the output using the appropriate parser. **Note**: the behavior you are proposing might be useful to emulate [Logback's `%kvp` pattern](https://logback.qos.ch/manual/layouts.html#kvp). -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
