ECS Logging for PHP / Question

leostereo · February 21, 2021, 9:27pm

Hi guys, Im trying to ship my application events to my elasticsearch platform.
My app and elk are running on different servers (ping reachable).
I already have the php library working on a little example script taken from
https://www.elastic.co/guide/en/ecs-logging/php/current/setup.html
After execution it echoes:
{"@timestamp":"2021-02-21T20:59:23.316323+00:00","log.level":"WARNING","message":"Be aware that...","ecs.version":"1.2.0","log":{"logger":"MyLogger"}}

In order to ship this line to my elk server, have following thoughts:
1_ Using elasticsearch api:
a ) Where should I define elasticsearch api url ?
b) Where should I define the index ?

2_ Using filebeat , (this is what I understand is needed)
a) Write logs lines to some file.
b) I install filebeat on my application server.
c) Config application log file path and provide filebeat reading permission.
d) Config filebeat parser to read my log lines.
e) Config kibana and elasticsearch api urls.
and .... filebeat will automagically create the index in elasticsearch and visualization in kibana?

I preffer option 1 .. it seems easier.
btw : Please provide more examples or complete documentation for php login library.
I can not find nothing to follow.
Regards.

warkolm · February 22, 2021, 1:17am

We aren't all guys

That said, I would log this to a file and then use Filebeat. Otherwise you need to handle things like connectivity, load balancing, failures, retries etc etc in your code. Filebeat handles all of this, and you also have a local backup of your log in case things go really wrong.

leostereo · February 22, 2021, 3:48am

Sorry for the guys thing ... (I thought guys includes both girls and boys)
Thanks for your words.
I totally agree with your idea.
On the other hand, I need to log the activity for a very small application running on a very small platform.
I would like to avoid rotating a log file and adding extra cpu load with filebeat.
So ... I steel need to try to post directly to the api.
I will investigate a little bit more and of course consider your idea as a second option.
Leandro

system · March 22, 2021, 3:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Using Filebeat with ecs logging Beats filebeat	1	246	June 1, 2021
What is the best practice to convert my custom logs to ECS(Or not) Beats filebeat	3	1277	October 31, 2019
Filebeat to send logs to Logstash and ES Elasticsearch	7	1495	October 22, 2019
Get logs from different EC2 instance Elasticsearch beats-module	4	1604	October 7, 2019
Elasticsearch and kibana for logging (newbie questions) Elasticsearch	1	822	July 5, 2017

ECS Logging for PHP / Question

Related topics