Hi thanks for this product! I wonder how should I set up the service.name? What is the most recommended way to setup it for any kubernetes pod (e.g. a Spring java app, a Nginx, a Kafka...)
(Because I see here saying that, I should set up service.name in order to derive the event.dataset so as to see the logs categorized.)
Moreover, I wonder whether there are other fields that I should set up in order to make my life better besides this service.name?
Thanks very much!
Hi @fzyzcjy,
you should be able to perform quite a bit of correlation with service.name and event.dataset already. For k8s it might be useful to establish a convention in your environment to add the service name as a label to pods (e.g. app or service_name) and use the add_kubernetes_metadata and copy_field processors in the beats config to retrieve and copy it from kubernetes.label.app (or so) to service.name (and event.dataset in the logs case).
(btw, I wanted to clarify that event.dataset is not derived automatically, but the recommendation is to use the service name plus a type identifier (e.g. my_service.log).)
Does that make sense?
Sounds great, Thanks!
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.