On Sat, 2010-09-04 at 10:57 -0700, Anton Chuvakin wrote:
In CEE, OAS triad will likely be used as "default tags" for all messages.
Is it a recursive hierarchy? e.g. is it possible to organize bunches to even higher level bunches?
Actually, we have not thought about it yet :-(
Also what I see unsolved is how the user can easily sort messages into files/tables by bunch.
This probably has to be done inside the log analysis tool that is aware of tags and their bunches.
Although if I were to define multi-value name-value pairs the one above could expand to multiple file writes. This way writing by tags or by bunches should be very simple.
Multi-value N=V are evil. They kill log parsers and RDBMS :-) We did think a lot about this conundrum of src_IP="10.10.1.2,10.10.1.3" and might well recommend that it never happens. If we have to deaggregate logs (thus exploding the volume) the whole thing would be a mess...
Right, understood, agreed.

-- Bazsi
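The trade-off discussed in this thread, as an added example that is not part of the original messages: a multi-valued field stored as-is is missed by an exact-match query, while de-aggregating it multiplies the row count. Only the `src_IP="10.10.1.2,10.10.1.3"` value comes from the thread; the other fields, the table layout and the function names are assumptions made for illustration.

```python
import itertools
import sqlite3

# Constructed sample events. Only the first src_IP value is quoted from the
# thread; dst_port and action are hypothetical fields added for illustration.
EVENTS = [
    {"src_IP": "10.10.1.2,10.10.1.3", "dst_port": "22,80,443", "action": "deny"},
    {"src_IP": "10.10.1.3", "dst_port": "22", "action": "allow"},
]

def deaggregate(event, sep=","):
    """Expand a multi-valued event into single-valued events.

    Every combination of values becomes its own record, so the output size
    is the product of the per-field value counts.
    """
    keys = list(event)
    value_lists = [event[k].split(sep) for k in keys]
    return [dict(zip(keys, combo)) for combo in itertools.product(*value_lists)]

def load(events):
    """Load events into an in-memory table, one row per event."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE log (src_ip TEXT, dst_port TEXT, action TEXT)")
    db.executemany("INSERT INTO log VALUES (:src_IP, :dst_port, :action)", events)
    return db

def count_src(db, ip):
    """Exact-match lookup, the way a typical indexed query would be written."""
    return db.execute("SELECT COUNT(*) FROM log WHERE src_ip = ?", (ip,)).fetchone()[0]

def demo():
    flat_events = [row for e in EVENTS for row in deaggregate(e)]
    raw, flat = load(EVENTS), load(flat_events)
    return {
        "raw_rows": len(EVENTS),                    # events as logged
        "flat_rows": len(flat_events),              # after de-aggregation
        "raw_hits": count_src(raw, "10.10.1.3"),    # multi-valued row is missed
        "flat_hits": count_src(flat, "10.10.1.3"),  # found, but counted per row
    }

if __name__ == "__main__":
    print(demo())
```
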