A distributed and coordination-free log management system

Here&#x27;s the blog post describing the system<p><a href="https:&#x2F;&#x2F;peter.bourgon.org&#x2F;ok-log&#x2F;" rel="nofollow">https:&#x2F;&#x2F;peter.bourgon.org&#x2F;ok-log&#x2F;</a><p>And the original HN post<p><a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=13418125" rel="nofollow">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=13418125</a>

He describes Heka (built by Mozilla) as abandoned. This is true, but we have a re-write in C that is significantly faster and in active development [0].<p>[0] <a href="https:&#x2F;&#x2F;github.com&#x2F;mozilla-services&#x2F;hindsight" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;mozilla-services&#x2F;hindsight</a>

While super-interesting (and something that I wish I had time to really evaluate against Elasticsearch&#x2F;Solr), I feel like it&#x27;s missing one of the most useful things about Loggly&#x2F;ES&#x2F;Solr - the ability to quickly visualize log trends. And despite the statement that it&#x27;s a &quot;distributed and coördination-free log management system for big ol&#x27; clusters&quot;, I&#x27;m confused why you would want a &quot;big ol&#x27; cluster&quot; without visualization or field searches more complex (and less computationally expensive) than regexes. Am I missing something?<p>e: To be fair, I&#x27;m not attempting at all to defend Elasticsearch&#x2F;Solr, just slightly confused about the actual use cases in prod.

The thought process that went into the design is very enlightening. Thanks for writing that up.

This looks pretty slick. There&#x27;s a well done explanation of the architecture process in the blog.

There is actual a fair amount of coordination in this logging system -- with the combination of redirects and gossip to handle them -- but it does seem to be the right kind of coordination.

&#x27;Coordination&#x27; in English ;)