occasionally useful ruby, ubuntu, etc

24 Aug 08

CouchDB and logs…

I've taken it upon myself to do some log analysis at my work. This involves taking a large volume of logs (multiple gigabytes) and somehow organizing them so that the data stored within them are readily available. This is no small task. At present, there are thousands of individually gzipped files, and the best way to find what you're looking for is to essentially run 'zcat *.gz | grep -in "session=123"', which is, frankly, absurd. In some types of log files, you have 15 lines that all pertain to the same log record, with each line in the format KEY=monkeyfacevalue, and in others you have everything on the same line, with key/value pairs comma delimited. Doesn't really matter, but there are key-value pairs in both cases, and no two log records necessarily have the same set of keys. This sounded like an opportunity to try out a new type of database... CouchDB.

But, in the end, I think CouchDB is not the best way to solve this problem...
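The two record layouts described above, normalized into one hash per record and indexed by a key, as an added example (not code from the original post). It assumes a blank line ends a multi-line record and that single-line records use comma-separated `key=value` pairs with no commas inside values; the sample log and all function names are constructed for illustration.

```ruby
require 'zlib'
require 'stringio'

# Constructed sample containing both layouts; records have different key sets.
SAMPLE_LOG = <<~LOG
  SESSION=123
  USER=alice
  ACTION=login

  session=123,user=alice,action=download,bytes=2048
  session=456,user=bob,action=login
  SESSION=456
  ACTION=logout
LOG

# Turn ["K=v", ...] into a hash. Keys are downcased so SESSION and session
# land in the same field (what `grep -i` papered over).
def parse_pairs(pairs)
  pairs.each_with_object({}) do |pair, record|
    key, value = pair.strip.split('=', 2)
    next if key.nil? || key.empty? || value.nil? # skip malformed fragments
    record[key.downcase] = value
  end
end

# Assumed heuristic: a line with a comma and more than one '=' is a complete
# single-line record; anything else accumulates until a blank line or EOF.
def parse_records(io)
  records = []
  pending = []
  flush = lambda do
    records << parse_pairs(pending) unless pending.empty?
    pending = []
  end
  io.each_line do |raw|
    line = raw.chomp
    if line.strip.empty? then flush.call
    elsif line.include?(',') && line.count('=') > 1
      flush.call
      records << parse_pairs(line.split(','))
    else pending << line
    end
  end
  flush.call
  records
end

# Read one gzipped log (as bytes) without unpacking it to disk.
def parse_gzip(bytes)
  parse_records(Zlib::GzipReader.new(StringIO.new(bytes)))
end

# Group records by a field; records lacking the field are left out.
def index_by_key(records, key)
  records.select { |r| r.key?(key) }.group_by { |r| r[key] }
end
```

Each resulting hash is schema-free, so it can be serialized as one document per record for whatever store ends up holding the logs.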