How to insert timestamps in applications that use Elastic in their logging architecture?

Hi,

I want to understand the proper or the right way to insert timestamps in log messages. Is it good policy to rely on docker or k8s to take care of my log timestamps or is it a good practise to design applications/instrumented libraries to insert my defined log format which includes time field.

At the moment, with a multi-threaded application, I am unable to sort logs in order. All the log messages from different threads end-up showing the same time. I would like to log them with precise information, maybe include nanoseconds if needed.

Thanks,
Teja

Welcome to our community! :smiley:

In my opinion; If you want specific precision, you'd be best off defining that in your code so you always know it's there.

1 Like

Thanks Mark!

So, you suggest to construct my own timestamp in the code instead of relying on infrastructure.

But in general, do we see logging as the troubleshooting mechanism for such precise debugging or is it tracing or something else?

If you can, both will be useful.

1 Like

Also, what about the support in Elastic components?

  • Does all of them support?
  • Do we see any performance issues with such ingestion and querying?

Support what sorry?

I mean to say, if a service has log messages with nano second precision. Can we ingest them in Elasticsearch? Does querying and sorting of these messages consume extra resources and time?

I am also thinking about compliance to general logging RFCs. Can we mark them as compliant by introducing nano seconds?

Yes, Elasticsearch supports nanosecond dates.

1 Like