Friday 22 November 2013

Splunk Data Analytics

We've been using Splunk> Enterprise for about three months now, and our conclusion is: it's one of the best decisions for our data analytics and processing we could have made.

Our previous process for logging and analysing data was to store the data in a custom MySQL table created for that specific logging purpose, read it with some PHP scripts and pass it to the Google charting library on a custom-built page.

Every new analysis took us several hours to implement, which reduced our willingness to log anything to nearly zero.

With Splunk> the logging just went from "too complicated, won't implement" to "what could we log next?"

We've crafted a logging class which can be used in our current store as easily as it could get:

// module, event, and the key => value fields of this event
Log::info('fun', 'woot', array(
    'monkey' => $amountOfMonkeys
));

This results in a key=value log event, as specified in the Splunk> logging best practice guide:

2013-11-22T10:22:18+00:00 mod=fun evt=woot monkey=13
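An added example of such a logging class (this is not the post's own code): it builds the mod/evt key=value line shown above and quotes and escapes the values, so that user-supplied content cannot push an event onto a second line or smuggle extra key=value fields into the index. Writing via error_log and the gmdate('c') timestamp format are assumptions.

```php
<?php
// Added example, not the post's own class: a minimal Log::info() that emits the
// "mod=… evt=… key=value" line shown above. Values are quoted and escaped so a
// value that contains spaces, quotes, "=" or a newline cannot split the event
// into a second line or inject extra key=value fields into the search index.
final class Log
{
    public static function info(string $mod, string $evt, array $fields = []): string
    {
        $line = self::format($mod, $evt, $fields);
        error_log($line); // assumption: the SAPI error log is what Splunk> reads
        return $line;
    }

    public static function format(string $mod, string $evt, array $fields): string
    {
        $pairs = ['mod=' . self::value($mod), 'evt=' . self::value($evt)];
        foreach ($fields as $key => $val) {
            // Field names are restricted to [A-Za-z0-9_] so a key can never carry whitespace or "=".
            $key = preg_replace('/[^A-Za-z0-9_]/', '_', (string) $key);
            $pairs[] = $key . '=' . self::value($val);
        }
        // gmdate('c') yields the ISO 8601 form used in the example event.
        return gmdate('c') . ' ' . implode(' ', $pairs);
    }

    private static function value($val): string
    {
        if (is_bool($val)) {
            return $val ? 'true' : 'false';
        }
        if (is_int($val) || is_float($val)) {
            return (string) $val;
        }
        if (!is_string($val)) {
            $val = json_encode($val) ?: 'null'; // arrays/objects become a single JSON token
        }
        // One event must stay one line: fold CR/LF, then quote when the value
        // contains whitespace, quotes, "=" or backslashes, escaping the latter two.
        $val = str_replace(["\r", "\n"], ' ', $val);
        if ($val === '' || preg_match('/[\s"=\\\\]/', $val)) {
            return '"' . addcslashes($val, "\"\\") . '"';
        }
        return $val;
    }
}

echo Log::format('fun', 'woot', ['monkey' => 13]), "\n";          // the event shown above
echo Log::format('auth', 'login', ['user' => "bob\nevt=x"]), "\n"; // newline folded, value quoted
```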

Now it's really easy to do analytics in Splunk with a few simple search queries.

The big advantage is that we can specify our log format ourselves and don't have to rely on the log format of third-party tools. But even with custom log events you can extract fields with the built-in regex field extractions and start analysing your data within minutes.

Thanks Splunk!
