For what it's worth we use SumoLogic and the magic parsing search looks like this:
parse regex field=message "^(?<glog_severity>[IWE])(?<glog_date>[0-9]{4} [0-9:.]*) [0-9]* (?<glog_source_file>[0-9a-zA-Z.]*):(?<glog_source_line>[0-9]*)] (?<glog_message>.*)$"

On Mon, Dec 19, 2016 at 11:15 AM Joris Van Remoortere <jo...@mesosphere.io> wrote:

> @Zhitao are you looking specifically for structure or just for tagging?
> glog does already have support for custom tags in the header. I don't know
> if this is enough for your use case though.
>
> —
> *Joris Van Remoortere*
> Mesosphere
>
> On Mon, Dec 19, 2016 at 9:58 AM, James Peach <jor...@gmail.com> wrote:
>
> >
> > > On Dec 19, 2016, at 9:43 AM, Zhitao Li <zhitaoli...@gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > I'm looking at how to better utilize ElasticSearch to perform log
> > > analysis for logs from Mesos. It seems like ElasticSearch would generally
> > > work better for structured logging, but Mesos still uses glog thus all logs
> > > produced are old-school unstructured lines.
> > >
> > > I wonder whether anyone has brought the conversation of making Mesos
> > > logs easier to process, or if anyone has experience to share.
> >
> > Are you trying to stitch together sequences of events? In that case, would
> > direct event logging be more useful?
> >
> > J
> >
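
Added example, not part of the original thread: the parse pattern from the message above applied in Python to turn glog lines into JSON documents suitable for indexing. The sample lines, the `parse_glog` name, the `@timestamp` field and the caller-supplied year are assumptions; lines the pattern does not match are returned separately so parsing gaps stay visible.

```python
import json
import re
from datetime import datetime

# The pattern posted above, with (?<name>...) rewritten as Python's (?P<name>...).
GLOG_RE = re.compile(
    r"^(?P<glog_severity>[IWE])(?P<glog_date>[0-9]{4} [0-9:.]*) [0-9]* "
    r"(?P<glog_source_file>[0-9a-zA-Z.]*):(?P<glog_source_line>[0-9]*)] "
    r"(?P<glog_message>.*)$"
)

# Constructed sample lines in glog's "Lmmdd hh:mm:ss.uuuuuu tid file:line] msg" layout.
SAMPLE = [
    "I1219 11:15:02.123456 12345 master.cpp:1234] Registered agent at 10.0.0.5",
    "W1219 11:15:03.000001 12345 slave.cpp:88] Ignoring status update",
    "F1219 11:15:04.500000 12345 main.cpp:10] Check failed: x > 0",
    "*** Check failure stack trace: ***",
]


def parse_glog(lines, year):
    """Return (records, unparsed) for an iterable of glog lines.

    glog headers carry no year, so the caller supplies one (assumption).
    """
    records, unparsed = [], []
    for line in lines:
        m = GLOG_RE.match(line)
        if m is None:
            unparsed.append(line)  # not matched by the posted pattern
            continue
        rec = m.groupdict()
        try:
            stamp = datetime.strptime(
                f"{year}{rec.pop('glog_date')}", "%Y%m%d %H:%M:%S.%f")
        except ValueError:
            unparsed.append(line)  # header-shaped line with a malformed date
            continue
        rec["@timestamp"] = stamp.isoformat()
        # The pattern allows an empty line number; store 0 in that case.
        rec["glog_source_line"] = int(rec["glog_source_line"] or 0)
        records.append(rec)
    return records, unparsed


if __name__ == "__main__":
    records, unparsed = parse_glog(SAMPLE, 2016)
    for rec in records:
        print(json.dumps(rec, sort_keys=True))
    print(f"{len(unparsed)} line(s) not matched by the pattern")
```

With the pattern as posted, the constructed fatal (`F`) line and the continuation line that follows it land in `unparsed` rather than in the structured records.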