Hacker News new | past | comments | ask | show | jobs | submit login

Strange that they went with plain text when the industry is converging on (newline delimited) JSON logs for structured data. This also serves as the backbone of observability with metrics and tracing also being folded into and output as JSON.

Call them events and you can claim all the event-sourcing buzzwords too.




I wouldn't put too emphasis on the plain text — we started logging back when carrying everything via JSON would've been going against the grain. These days it might've gone the other way (I'm not sure).

One point that I'd try to convey is that the canonical line technique works for any kind of structured format. We use logfmt in all our examples, but JSON would work just as well.


I searched for logfmt and found your website – https://brandur.org/logfmt

What I can't find described for logfmt is how to handle escaping special characters in the keys or values. Specifically the quotes and equals.

JSON defines this very well, but Splunk simple key=value logging formats suffer from escaping and parsing problems.


You could use yaml serialiser, which leaves non special strings as is and quotes special ones. But this approach can break naive grepping.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: