A new version of Ekanite, the syslog server with built-in search, has been released. v1.2.0 includes some minor fixes and improvements.
You can download v1.2.0 from the GitHub releases page.
I gave a presentation on Ekanite — the syslog server with built-in search — tonight at the San Francisco Go Meetup. It was an enjoyable evening, and I had a chance to discuss why I built Ekanite, how it works, and where it might go in the future.
In the last post we examined the design and implementation of Ekanite, a system for indexing log data, and making that data available for search in near-real-time. Is this final post let’s see Ekanite in action.
In the previous post I outlined some of the high-level requirements for a system that indexed log data, and makes that data available for search, all in near-real-time. Satisfying these requirements involves making trade-offs, and sometimes there are no easy answers.
For the past few years, I’ve been building indexing and search systems, for various types of data, and often at scale. It’s fascinating work — only at scale does O(n) really come alive. Developing embedded systems teaches you how computers really work, but working on search systems and databases teaches you that algorithms really do matter.
Search is everywhere. Once you’ve built search systems, you see its potential application in many places. So when I came across bleve, an open-source search library written in Go, I was interested in learning more about its feature set and its indexing performance. And I could see immediately one might be able to shard it to improve performance.