Do you know some good programs to read structured logs? That have filter and order capabilities. Terminal or GUI. I was looking for it recently but couldn't really find one.
@stevenroose You can try ELK, and there is also Splunk.
Maybe you mean programs to convert logs to structured logs. You can use just tail terminal or tail GUI to view any log source. What you want is to rewrite/convert them to structured format.
No what I was looking for was a program to view those structures logs. Our software already produces structured logs.
I'm looking for a program that can easily do filters by field (f.e. .severity == "warning" and .subsystem == "rpcserver") and such operations. Currently I use jq filters, but that means typing the filter manually.
@stevenroose I can only think of running the app locally and forwarding the structured logs there. ie I run Splunk locally on a Windows EC2 instance and configure to send my logs to Splunk via TCP localhost.
There is surely some lightweight solutions, since Splunk is slightly more than log search/management.
@stevenroose Log management software do filters and alerts - Splunk, ELK, Graylog can do filters, Graylog open source
I have not used graylog myself though.
"hostname": "AWS.server.com", "appname": "Microsoft-Windows-DHCP-Server",
is structured vs this single line log without the above key value pairs.
07 Jul 2019 09:54:38.3562019-07-07 09:54:36 AWS.server.com INFO 74 LOG\Administrator Scope: [[184.108.40.206]Test] for IPv4 is DeActivated by LOG\Administrator.
A Mastodon instance for info/cyber security-minded people.