Hi. About to try an evaluation of LEM, but wanted to know if it's capable of handling unstructured logs as well as standardized system logs. For example, we would have an application log that is generated from a custom or home-grown application. It might contain timestamps, specific data payloads as well as instrumentation data around transactions. Could be single or multi-line. Regex would typically be the way to parse the data. Is that something that LEM does out of the box? Or are there ways to customize? Marketing material is limited in details.
Here's a quick sample of something we might want to parse and report on, with correlation with other logs across the stack.
0000183E-8E71-4DE0-92C6-B0EFAA096C0E|93075243|5CFF8C57-FFD4-492B-A2E1-3A0A3E583E7E|XSQL.POSTSAVE|EXTM|Sep 21 2016 6:00:56:406PM|Sep 21 2016 6:00:56:483PM|ceraxmgr.cpp|652|CER_EXIT_MGR::CallExit|ceraxmgr.cpp|654|CER_EXIT_MGR::CallExit|E|1|Jan 1 1753 12:00:00:000AM
Is the system capable of parsing this type of log using regex or something similar to know that fields 6 and 7 are timestamps?
Similarly, is it capable of reading something like nmon data from AIX? nmon is notoriously verbose and hard to parse.
Thanks.
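For reference, a stand-alone Python sketch of the parsing the post describes, added here as an example; it is not LEM functionality and not from the original poster. The field names, the rule that a record starts with a GUID followed by a pipe, and the treatment of a year-1753 value as "not set" are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed from the sample line in the post above.
SAMPLE = ("0000183E-8E71-4DE0-92C6-B0EFAA096C0E|93075243|"
          "5CFF8C57-FFD4-492B-A2E1-3A0A3E583E7E|XSQL.POSTSAVE|EXTM|"
          "Sep 21 2016 6:00:56:406PM|Sep 21 2016 6:00:56:483PM|"
          "ceraxmgr.cpp|652|CER_EXIT_MGR::CallExit|"
          "ceraxmgr.cpp|654|CER_EXIT_MGR::CallExit|E|1|"
          "Jan 1 1753 12:00:00:000AM")

# Field names are hypothetical; the post only says fields 6 and 7 are timestamps.
FIELDS = ["id", "seq", "txn_id", "event", "kind", "start", "end",
          "src_file_a", "src_line_a", "func_a",
          "src_file_b", "src_line_b", "func_b", "flag", "count", "extra_ts"]
TS_FIELDS = ("start", "end", "extra_ts")
TS_FORMAT = "%b %d %Y %I:%M:%S:%f%p"  # e.g. Sep 21 2016 6:00:56:406PM
GUID = re.compile(r"^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\|")

def join_multiline(lines):
    """Fold continuation lines into the record they belong to.
    Assumption: every new record starts with a GUID followed by '|'."""
    record = None
    for line in lines:
        line = line.rstrip("\r\n")
        if GUID.match(line):
            if record is not None:
                yield record
            record = line
        elif record is not None:
            record += line
    if record is not None:
        yield record

def parse_record(record):
    """Split one record on '|' and convert the timestamp fields."""
    parts = record.split("|")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    row = dict(zip(FIELDS, parts))
    for name in TS_FIELDS:
        ts = datetime.strptime(row[name], TS_FORMAT)
        # Assumption: a year-1753 value is a "not set" placeholder.
        row[name] = None if ts.year == 1753 else ts
    if row["start"] and row["end"]:
        row["duration_ms"] = (row["end"] - row["start"]) // timedelta(milliseconds=1)
    else:
        row["duration_ms"] = None
    return row
```

Splitting on the delimiter and then converting fields 6 and 7 keeps the regex limited to record-boundary detection, which is the part that matters for multi-line input.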