Hi!
I'm pulling events from a monitoring system and these events only contains an id for the host/server being down. The other metadata is in a huge table separate from the event logs.
My question is, how would you recommend designing the indexing of these events if I wanted to tie the meta data to them?
Example:
Event:
name="MyServer", id="1000", state="down"
Metadata:
name="MyServer", id="1000", categories="server, "webserver", "tomcat"
My goal here is to get statistics per category, ie:
state=down | timechart count by category
Since the metadata is more or less static and consumes ~50MB a csv lookup or something similar would be ideal. Not sure though how to format the csv file for fields with multiple values.
Any advise would be most appreciated!
Kind regards,
Patrik
... View more