796 shaares
The default log format offered by apache is only semi-structured. It appears, as a human reading it, to have some kind of reasonable structure. However, to process this with the logstash grok filter, it requires a complex and expensive regular expression to parse it.
The best case for log formats is if you can simply emit them in a structured format from the application itself. This will reduce any extra parsing in the future!
The best case for log formats is if you can simply emit them in a structured format from the application itself. This will reduce any extra parsing in the future!