Hello boys and girls,
I have a few questions about best practices for managing my application logs on Elastic:
- Is it a good idea to create an index by app and day to improve search performance?
- I have logs in JSON format, and in my Filebeat I set `keys_under_root: true`. If the fields added to those of Filebeat are 40, can I risk getting worse Elastic performance? Is it better if I map the fields manually or dynamically in this case?
- As for the exceptions of my app, having these other fields in addition to those of my log (for example stacktrace, message, callsite), is it a good idea to save them on a separate index, or can I safely save them on the one where I also save the INFO type logs, WARN, etc., without worsening performance?
Sorry for the many questions, but I would like to be sure of what I do. And if there is a guide that explains in detail how to efficiently manage application logs on Elastic, it is welcome.
Thanks, I hope I was clear.