switch to room list switch to menu My folders
Go to page: 1 2 3 [4] 5
[#] Thu Mar 19 2015 12:32:31 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

One of the most powerful things we do with Splunk is the "transaction" filter. I don't see any direct replacement with logstash... this is statically configured and seems to have limitations, but it's somewhere in the ballpark:

not quite close enough, transaction is an ad-hoc query:

[#] Thu Mar 19 2015 12:54:57 EDT from dothebart @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

probably one would want something like that:

this is the logstash alternative:

(the credativ guys work with it)

Another tool /me wouldn't use... but may be interesting ;-)



[#] Thu Mar 19 2015 12:58:14 EDT from dothebart @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I like very much this one:

(have a look at the crazy videos ;-)

It uses a pimped collectd as some of the data sources.

[#] Thu Mar 19 2015 14:19:39 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

OK, for one thing, I hadn't correctly understood how logstash fits together with the rest of its ecosystem. Logstash is like splunkforwarder, I guess- it's a piece of low-level plumbing.

The querying all happens in elasticsearch:

[#] Thu Mar 19 2015 23:00:07 EDT from ax25 @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Not similar at all, but I do use this for viewing / checking combined logs from systems:

Epylog -

It lets you boil down combined syslogs from multiple systems, and get rolled up reports on logins, and a free-for-all report of anything that was not parsed in an email.

It takes quite a bit of time to get what they call the "weeder" to build up to rid yourself of the background noise from the reports, and it does take ocasional changes to regexes on lines to account for some daemons changed log output for warnings, etc, but I find it worthwhile.  Once you have your "don't care" lines out of the report, you will be left with the ones to either investigate and act on or just add to the don't care if they turn out to be a more of just miss-placed info output.

You can set up your own roll up reports, but I have not played with that as of yet.

[#] Mon Mar 23 2015 08:15:36 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Not the splunk way - there are no "don't care" records, you throw everything in the big index and figure out how to query it later.

[#] Wed Apr 29 2015 11:15:28 EDT from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Been talking to some former coworkers (now at NYTimes, ghod help them) and one of the Splunk alternatives they are looking at is Sumologic:

(^^ one of my litmus tests for a Splunk replacement)

[#] Wed Apr 29 2015 12:37:52 EDT from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]


When you go to this site, you may be treated to the following popup:

This page ws unable to display a Google Maps element. The provided Google API key is invalid or this site is not authorized to use it. Error Code:

So, they hope to supplant Splunk, but...?

[#] Fri Jun 05 2015 09:48:33 EDT from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Evidently their Big Data got so big it popped out of the screen.

(By the way, we ended up just buying a bigger Splunk license.)

[#] Wed Dec 07 2016 15:00:52 EST from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Wow, this is funny and pathetic at the same time.  I found this on the web site of a fairly popular piece of software today:


"The code is all there still, so if you really promise not to ask me why your maps all stopped working after you press the button, you can re-enable it. Simply open weathermap-cacti-plugin-mgmt.php in and editor and change the line that says

                    $i_understand_file_permissions_and_how_to_fix_them = false;


                    $i_understand_file_permissions_and_how_to_fix_them = true;

Now you have the button, the following explains the issues in detail."

[#] Thu Dec 08 2016 09:17:43 EST from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Hmmm... someone has obviously been torn between wanting to help people, and not wanting to deal with the same stupid problem repeatedly.

[#] Thu Dec 08 2016 09:30:43 EST from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

LOL. The real problem is using anything written in PHP ;)

[#] Thu Dec 08 2016 09:32:46 EST from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]


Yeah, I'm trying to migrate us to rails.

[#] Thu Dec 08 2016 10:26:05 EST from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

LOL. The real problem is using anything written in PHP ;)

Real developers write web applications in C.

(Ok, maybe not. But PHP does have a tendency to encourage an unhealthy mingling of markup and code.)

The software in question here is a Cacti plugin. And yes, I'm sure the developer was very frustrated with getting the same stupid question over and over again.
As many of you know, I've dealt with this. It's not a fixable problem. When you make a piece of software easier to use, you simply move to a lower stratum of people who have an even stupider problem. It's infinitely nested and there is no bottom.

[#] Thu Dec 08 2016 11:04:50 EST from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

(Ok, maybe not. But PHP does have a tendency to encourage an
unhealthy mingling of markup and code.)

That can be worked around. The semantics are horrible... take a look at the truth table for the == operator.

[#] Fri Dec 09 2016 08:27:18 EST from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

Ok that's a bit disturbing. Even more disturbing is that they knew == was so messed up that they had to add an === operator to make comparisons even stricter. Progress!

I still maintain that PHP was never meant to be a serious language but it "had greatness thrust upon it" by baristas-turned-programmers during the dotcom years.

The language selection wasn't what I was focusing on, though. Even a unix superfan like me can appreciate the fact that when you throw people out there into the world of file permissions without giving them the right mental tools to deal with it, bad things can happen. That developer's approach was snarky, which I totally love. It won't work, though. People ignore clearly written instructions and ask stupid questions anyway.

(Just do a "chmod -R 777 /" and everything will be ok!)

Hey, at least on a mainframe, file permissions are an add-on feature. So you can just shut off RACF and everything "just works" :)

[#] Fri Dec 09 2016 12:28:20 EST from LoanShark @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I still maintain that PHP was never meant to be a serious language but

it "had greatness thrust upon it" by baristas-turned-programmers during

Sure it was. It just happens that it wasn't designed by people who were really, like, a language-designer's language designer.

[#] Mon Dec 12 2016 08:35:53 EST from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

OTOH, we could use smalltalk instead of php, right?

[#] Mon Dec 12 2016 12:49:42 EST from IGnatius T Foobar @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

We can joke about what languages are over-the-top ridiculous for web programming, but one developer's over-the-top ridiculous is another developer's favorite.
It could be argued, for example, that COBOL matches the CGI model better than Perl ever did.

[#] Mon Dec 12 2016 13:21:15 EST from fleeb @ Uncensored

[Reply] [ReplyQuoted] [Headers] [Print]

I don't necessarily think Smalltalk is ridiculously over-the-top for web programming. Although, I don't think Seaside is a particularly good implementation, based on how ugly their pages wind up looking.

And with the web, presentation is pretty much everything.

I suck at making web pages look good. When it comes to that stuff, I feel like I'm a troglodyte pretending to have competence at web pages, as I get more involved with making the thing work properly than look nice (when, really, both are required).

But the work I did in Ruby made the pages look very nice in spite of my efforts to make it look like shit. Or, rather, I would have to go out of my way to make the pages look like shit in Ruby, where in the other languages I've used, shitty-looking web pages were the norm.

Go to page: 1 2 3 [4] 5