Correct way to map HTTP Server logs

Hi all!

I am relatively new to Elasticsearch, and I want to store logs of all HTTP requests made to multiple services, including info like headers, body and params, in Elasticsearch, and wish for all this info to be accessible and queryable in a Kibana dashboard.

My question is, I've seen many tutorials on the internet that recommend different things regarding the mapping template that the logging index should have. Some say I should leave it at the default and let Elasticsearch's dynamic map do the work, while others suggest I should define a specific mapping. I've also seen people suggesting that I convert all integer values to strings to avoid errors when inserting values that can sometimes be a string and other times an int.

What is the correct way to store logs of this type, which can differ a bit from service to service but generally look the same, in Elasticsearch?

Welcome to our community! :smiley:

What is the HTTP server you are using?
