Log management is hard. Always has been, always will be. Good to know that there are bright folks like Mr. Fulton and his team over at @swipley that get it. (and share!)
Technically –| Rsyslog –> Logstash –> to –> S3 and Sumologic
Tactically –| “Engineers at Swipely start weekly tactical meetings by reporting trailing seven day metrics. For example: features shipped, slowest requests, error rates, analytics pipeline durations. These indicators help guide and prioritize discussion. Although many of these metrics are from different sources, we like to see them together in one dashboard. With
sumo-search and the Search Job API, we can turn any number from a log query into a dashboard widget in a couple lines of Ruby.”
Read his post via the @Sumologic blog here.