How to insert timestamps in applications that use Elastic in their logging architecture?

TejaV · July 2, 2020, 5:49pm

Hi,

I want to understand the proper or the right way to insert timestamps in log messages. Is it good policy to rely on docker or k8s to take care of my log timestamps or is it a good practise to design applications/instrumented libraries to insert my defined log format which includes time field.

At the moment, with a multi-threaded application, I am unable to sort logs in order. All the log messages from different threads end-up showing the same time. I would like to log them with precise information, maybe include nanoseconds if needed.

Thanks,
Teja

warkolm · July 6, 2020, 11:05pm

Welcome to our community!

In my opinion; If you want specific precision, you'd be best off defining that in your code so you always know it's there.

TejaV · July 7, 2020, 7:57am

Thanks Mark!

So, you suggest to construct my own timestamp in the code instead of relying on infrastructure.

But in general, do we see logging as the troubleshooting mechanism for such precise debugging or is it tracing or something else?

warkolm · July 7, 2020, 7:58am

If you can, both will be useful.

TejaV · July 7, 2020, 7:59am

Also, what about the support in Elastic components?

Does all of them support?
Do we see any performance issues with such ingestion and querying?

warkolm · July 7, 2020, 8:02am

Support what sorry?

TejaV · July 7, 2020, 8:02am

I mean to say, if a service has log messages with nano second precision. Can we ingest them in Elasticsearch? Does querying and sorting of these messages consume extra resources and time?

I am also thinking about compliance to general logging RFCs. Can we mark them as compliant by introducing nano seconds?

warkolm · July 16, 2020, 1:32am

Yes, Elasticsearch supports nanosecond dates.

system · August 13, 2020, 1:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.