[rabbitmq-discuss] RabbitMQ and Splunk
Michael Vierling
MVierling at attinteractive.com
Thu Nov 4 19:03:28 GMT 2010
Let me turn the question around: why have messy poorly formatted log data? Splunk has extensive tools to extract fields. But it will always be true that having clean, well formatted log data goes a long ways towards making any extraction process easier and more reliable.
Hundreds of lines of code are needed to parse iostat, ps and the others. Why write that code? And don't forget the performance impact, since that data can't be properly indexed.
Best,
Michael
-----Original Message-----
From: Matthias Radestock [mailto:matthias at rabbitmq.com]
Sent: Thursday, November 04, 2010 1:24 AM
To: Michael Vierling
Cc: rabbitmq-discuss at lists.rabbitmq.com
Subject: Re: [rabbitmq-discuss] RabbitMQ and Splunk
Michael,
Michael Vierling wrote:
> Yes, linux tools such as ps, iostat, memstat, etc are used by Splunk
> in a similar manner.
None of these output their data in timestamp+comma-separated-k/v format.
So if splunk can process their output, why can't it process rabbitmqadmin's?
Regards,
Matthias.
More information about the rabbitmq-discuss
mailing list