December 2017 - The Punch

Technical

As a puncher do you grok or do you dissect ?

In the world of log parsing, strange acronyms are used for products (splunk, punch) and for operators (grok). At least dissect is more explicit : it allows you to efficiently cut a string into interesting sub-parts. The basic task you do to parse and normalise your data. Recently Elastic introduced Read more…

By Dimitri Tombroff, 7 yearsDecember 9, 2017 ago

Architecture

Some Thoughts on Elastic Ingest Nodes

The new elastic 5 GA is out. It provides many improvements and great new features. In this post we have a look at the new Ingest nodes, that provide a way to deploy logstash filters without the burden of deploying and running logstash processes. Each running an input-filter-output pipeline. Since Read more…

By Dimitri Tombroff, 7 yearsDecember 9, 2017 ago