[aviperl]

On the topic of structured logs, can anyone point me towards where I might learn more about what people have learned over time?

I'm new to the world of querying through my logs, but I can already see a benefit to logging with JSON...

This is what I've defined as a solution for a need of mine for the moment: https://gist.github.com/avi-perl/b173fdc30219155eb9ee4bb3a21...

[benjaminfh]

Structured/JSON saves a tonne of time building regex parsers. The regex parsing at query-time is also pretty expensive. This is where Splunk excels - dealing with the noise with powerful querying. ClickHouse is also very performant at this, we hear. It's an expensive task though (computationally and cost wise)

I thought this was well put together from Better Stack: https://betterstack.com/community/guides/logging/logging-bes...

Charity, CTO of Honeycomb has strong views (which we enjoy a lot): https://charity.wtf/tag/observability-2-0/ - they come at it from a tracing/OT angle which is Honeycomb's forte, but we agree a lot on the intended outcomes - actionable (not spammy/noisy) + make it easy to gather the variable/state context in the context of a single event.