The ESF Log Analytics feature provides a set of APIs that can be used to extend the default implementation for Journald.

Log Analytics APIs

As depicted in the image below, the main components of the Log Analytics APIs are the LogReader and the LogReaderListener interfaces.
Implementations of the LogReader API will be responsible to fetch the logs, for example from the system journal, from system log files, etc.
An instance of a LogReader can be associated to 0 or more LogReaderListener implementations that will have to register using the registerLogListener method. Once a new log line is sourced and processed by the LogReader implementation, all the registered LogReaderListeners will be invoked via the newLogEntry method that will provide to the specific LogReaderListener implementation a new LogEntry to process.
Each LogReaderListener instance is usually associated to 0 or 1 instance of LogReader.

A LogEntry is an API object that wraps the log reading performed by the LogReader implementation, exposing a set of properties as a key-value pair. The key is a String object, while the value is a generic Object that can contain any type of information.