Back in December I said I was interested in replacing Logstash with Rsyslog, but that we needed a Riemann module to cover some of our existing functionality. Specifically, we send metrics to Riemann from Logstash for three reasons:
- We send internal metrics from Logstash to monitor how events flow through our log pipeline.
- We forward all ERROR and CRITICAL logs to Riemann, which performs roll-up and throttling. Errors are forwarded to Slack, and Criticals are sent to PagerDuty.
- We allow developers to send application metrics in their structured logs.
After some leisurely hacking over the last few days, I've got»