As a puncher, do you grok or do you dissect?

In the world of log parsing, strange acronyms are used for products (Splunk, Punch) and for operators (grok). At least dissect is more explicit: it lets you efficiently cut a string into interesting sub-parts, which is the basic task you perform to parse and normalise your data. Elastic recently introduced this new dissect operator. Check […]

Some Thoughts on Elastic Ingest Nodes

The new Elastic 5 GA is out. It provides many improvements and great new features. In this post we look at the new ingest nodes, which provide a way to deploy Logstash filters without the burden of deploying and running Logstash processes, each running an input-filter-output pipeline. Since ingest nodes look to us […]