
ELK-stack + grok + filebeat => experiences?

Question asked by rsfischer on Apr 16, 2018

We're evaluating ELK (Elasticsearch, Logstash, Kibana) at the moment to combine the log files from the automation engine (WPs/CPs), the APIs, the agents and the database.


Has anyone tried this before? What are your experiences?


And here's the question: does anyone of you have this in production already? Have you defined grok patterns for Logstash for the agents? What about a Filebeat-like daemon for Solaris?


I've defined some for engine log parsing:


# Custom pattern definitions (go into a file under the grok filter's patterns_dir):
AETIMESTAMP [0-9]{8}
AETIME [0-9]{6}\.[0-9]{3}
AEUNUMBER U[0-9]{8}

# Match expression for the grok filter; an engine log line looks like
# YYYYMMDD/HHMMSS.mmm - Unnnnnnnn <message text>
%{AETIMESTAMP:date}\/%{AETIME:time}\s\-\s%{AEUNUMBER:unummer}\s%{GREEDYDATA:message}
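As an added example (not part of rsfischer's post, nor Automic or Logstash code), the following Python script expands the posted grok pattern into a regular expression and runs it over a few constructed engine-style log lines, so the pattern can be checked offline before it goes into a Logstash pipeline. The AE* pattern definitions are copied from the post; GREEDYDATA is the stock Logstash definition. The sample lines and their U-numbers are made up, and deriving `@timestamp` by concatenating the `date` and `time` fields is an assumption about how the Logstash date filter would be fed.

```python
import re
from datetime import datetime

# Grok pattern definitions: the three custom ones from the post plus the
# stock Logstash GREEDYDATA pattern that the match expression uses.
PATTERNS = {
    "AETIMESTAMP": r"[0-9]{8}",
    "AETIME": r"[0-9]{6}\.[0-9]{3}",
    "AEUNUMBER": r"U[0-9]{8}",
    "GREEDYDATA": r".*",
}

# The match expression exactly as posted.
GROK_MATCH = r"%{AETIMESTAMP:date}\/%{AETIME:time}\s\-\s%{AEUNUMBER:unummer}\s%{GREEDYDATA:message}"

# Matches one %{NAME} or %{NAME:field} reference inside a grok expression.
_GROK_REF = re.compile(r"%\{(?P<name>[A-Z0-9_]+)(?::(?P<field>[A-Za-z0-9_@]+))?\}")


def grok_to_regex(grok, patterns=PATTERNS):
    """Expand grok references into a compiled regex with named groups.

    Pattern bodies may themselves contain %{...} references, so expansion is
    repeated until nothing is left to expand (bounded, to catch cycles).
    The result is anchored with '^' so lines with junk before the timestamp
    are rejected; anchoring also keeps the regex engine from retrying the
    match at every offset, which is the usual grok performance advice.
    """
    def repl(m):
        name, field = m.group("name"), m.group("field")
        if name not in patterns:
            raise ValueError(f"unknown grok pattern {name}")
        body = patterns[name]
        return f"(?P<{field}>{body})" if field else f"(?:{body})"

    regex = grok
    for _ in range(10):
        expanded = _GROK_REF.sub(repl, regex)
        if expanded == regex:
            break
        regex = expanded
    else:
        raise ValueError("grok pattern nesting too deep (cycle?)")
    return re.compile("^" + regex)


AE_LINE = grok_to_regex(GROK_MATCH)


def to_iso(date, time):
    """Combine the AE date (YYYYMMDD) and time (HHMMSS.mmm) fields into ISO 8601."""
    return datetime.strptime(date + time, "%Y%m%d%H%M%S.%f").isoformat(timespec="milliseconds")


def parse_log(text, regex=AE_LINE):
    """Return (events, unmatched_lines) for a blob of engine log text.

    Unmatched lines are what Logstash would tag with _grokparsefailure.
    """
    events, unmatched = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = regex.match(line)
        if not m:
            unmatched.append(line)
            continue
        event = m.groupdict()
        event["@timestamp"] = to_iso(event["date"], event["time"])
        events.append(event)
    return events, unmatched


# Constructed sample: engine-style lines with made-up U-numbers and texts,
# plus one line that does not follow the format.
SAMPLE_LOG = """\
20180416/074512.123 - U00003450 Server 'AUTOMIC#WP001' version '12.1.0' started.
20180416/074512.456 - U00003449 Server 'AUTOMIC#CP001' is listening on port 2217.
20180416/074513.001 - U00011301 Session '0001' for client '0100' user 'ADMIN' opened.
this line does not follow the engine format
"""

if __name__ == "__main__":
    events, unmatched = parse_log(SAMPLE_LOG)
    for ev in events:
        print(ev["@timestamp"], ev["unummer"], ev["message"])
    print(f"{len(unmatched)} line(s) did not match (would get _grokparsefailure in Logstash)")
```

One caveat when this goes into a real pipeline: the posted expression captures into a field called `message`, which is also the name Logstash gives the raw input line. Without `overwrite => ["message"]` in the grok filter the two values end up side by side in an array, so either set `overwrite` or capture into a differently named field.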
