23 Oct 2014, 4:03 p.m.
On Thu, Oct 23, 2014 at 10:50:55AM -0400, jrhendri@roadrunner.com wrote:
> Are you saying I would not need to use the format-json bit? If so - how would I select/name the desired fields that were parsed with patterndb?

By simply passing `scope` to the destination block [1]. I also use a special `exclude` [2] parameter that lets me further drop unwanted name-values.

> As far as overall performance - I really think it is a combination of disk I/O and memory starvation.

I'm using collectd, riemann and riemann-dash to monitor syslog-ng and ES performance live.

[1] https://github.com/faxm0dem/syslog_ng-elasticsearch/blob/master/perl/syslog-...
[2] https://github.com/faxm0dem/syslog_ng-elasticsearch/blob/master/perl/plugin....