In his blog, David Malcolm writes about "show"
, which is a SQL "select" statement that is used from the command line to query various log file formats. "This got me thinking. We have many different log formats, and many different sources of data. All of our tools seem to have different interfaces.
For example, why should I write regular expressions and shell pipelines to get at my logs?
Why do I have to learn a custom syntax ("rpm -qa --queryformat='various things'") for looking at the software I have installed? Why does e.g. the audit subsystem have its own query format?
Why can't I just use SQL, and write SELECT statements to drill down into all of this data?
to post comments)