[tonymet]

I could see a couple "serious" applications (1) indexing all machines and using pdsh to query across the cluster and (2) remote-syslog to a main machine generating huge logs, use qlog to query the main machine.

In both cases qlog setup would be better than elastic search or other remote search index setup .

[verdverm]

Better is subjective, for the scenario you describe, in what ways is it better than having production grade, battle tested o11y?

(modern o11y, as typically viewed through Grafana, where IRL you need more than logs)

[tonymet]

The setup

[verdverm]

in our industry, shortcuts are a primary source of tech debt which either gets paid off or continues to charge interest

[tonymet]

It’s not a shortcut if it’s cheaper , easier and works .

[verdverm]

Works and easier are contextual, from my pov, narrowed to multi-machine/service scenarios since you mentioned a suite of tools to pair with this one.

It may be easier to set up, but it may not be easier to do my job. For example, can it graph the count of log matches over time for me by source node? Is missing a feature I need, that I already have in a mature o11y stack, then I wouldn't say it "works" or is "easier" for the majority of my interactions with it.

Paying more up front, a one time set up cost, has always been worth it in my experience for your o11y stack. The dividends pay back when you are able to restore production faster than your peers. Over time, the benefits manifest in your salary too.

How does this tool compare when you have multiple people working to debug an outage? How does it work if I need more reliability than a single instance can provide?

[tonymet]

AWS' favorite customer