Review docs and enhance cover of "variables": global, JSON message properties, local variables and "properties" #592
Comments
|
I'm not sure of any potential permissions issues with using the material, but
@davidelang's coverage of the topic in his [Log Filtering with
Rsyslog](https://www.usenix.org/publications/login/october-2013-volume-38-number-5/log-filtering-rsyslog)
`;login` article is especially good.
I have no problem with you using that explination.
|
|
@davidelang Awesome, thanks! |
|
@davidelang I was looking back through the mailing list for something else and came across this response from you last year:
Adding it here as further reference material for when this ticket is processed. You have a talent for conveying depth with brevity. :) |
|
On Wed, 14 Mar 2018, Deoren Moor wrote:
@davidelang I was looking back through the mailing list for something else and came across this response from you last year:
> there is almost no technical difference between $. variables and $! variables.
>
> $! existed first, and some functions (mmjsonparse) only put things in $!
>
> $. was created because there is a need to have variables that aren't part of $! so that $! can be output in it's entirety.
>
> The global variables $\ are significantly different, much slower, but visible across multiple log messages (and multiple threads), while $! and $. exist only for the one log message.
Adding it here as further reference material for when this ticket is processed.
You have a talent for conveying depth with brevity. :)
normally I'm told I put too much detail in :-)
|
Down with the naysayers! ;) I've learned a lot reading your writings and appreciate the time you've taken to provide them. Aside from the articles here (https://www.usenix.org/publications/login/david-lang-series), your writings on GitHub, the mailing list and the docs project, do you publish content elsewhere? |
|
On Wed, 14 Mar 2018, Deoren Moor wrote:
> @davidelang: normally I'm told I put too much detail in :-)
Down with the naysayers! ;) I've learned a lot reading your writings and appreciate the time you've taken to provide them.
Aside from the articles here
(https://www.usenix.org/publications/login/david-lang-series), your writings
on GitHub, the mailing list and the docs project, do you publish content
elsewhere?
I post on many different mailing lists and a few web forums (most of which have
a mailing list mode), but I don't have a blog or anyplace else that I create
content for.
I don't think the last article in the series ever got linked on that page
(splung/ElasticSearch tuning)
David Lang
|
Is this the article you're referring to? "Large Scale Splunk Tuning" at https://www.usenix.org/publications/login/april14/lang |
|
On Thu, 15 Mar 2018, Deoren Moor wrote:
> @davidelang: I don't think the last article in the series ever got linked on that page
> (splung/ElasticSearch tuning)
Is this the article you're referring to?
"Large Scale Splunk Tuning" at https://www.usenix.org/publications/login/april14/lang
Yep, that's the one.
|
|
Saw these remarks elsewhere from @rgerhards, figured the notes were relevant here (though the context for each may not be sufficiently clear for each remark to stand by itself as included here):
|
From a mailing list post:
My response:
While it could have just been me flailing about in fatigue, I suspect that the information is spread thinly throughout the docs.
It would be good to find the most appropriate section and enhance it to cover everything I mentioned plus any supporting information that would be useful. We could then reference that section (via an explicit label) in other places to ease maintenance, create an include page with succinct coverage or (perhaps the better approach) do both.
I'm not sure of any potential permissions issues with using the material, but @davidelang's coverage of the topic in his Log Filtering with Rsyslog
;loginarticle is especially good.The text was updated successfully, but these errors were encountered: