How to store logs in Elastic Search?

psprint · May 18, 2018, 12:03pm

I'm writing a shell tool that allows to quickly log messages without slowing down the shell. I stumbled upon elasticsearch, it seems to be very good for this task, but I cannot find solution to the following: How to keep the order that log messages have, and store it to ElasticSearch?

For example, if there would be a field like in MySQL "id integer autoincrement", then logs would be correctly ordered. But maybe my direction is wrong, as ESearch seems to work with logs and I didn't see any "ordered id" mentions in docs and tutorials.

Christian_Dahlqvist · May 18, 2018, 12:09pm

Ordering information is generally added client side when documents are indexed. Timestamps are often extracted and can help ordering events, but if you are using Filebeat to read data from files it also provides an offset within the file, which can be used to separate events with the same timestamp.

psprint · May 18, 2018, 12:30pm

Thanks. I'll be having much identical second and millisecond timestamps, however at microsecond level, I get the needed difference (Zshell code):

% echo $EPOCHREALTIME; echo $EPOCHREALTIME 
1526646431.6686060429
1526646431.6686699390

So I think about adding 2 fields, first for integer part, second (is there a float type?) for the fraction part of this "realtime" timestamp.

system · June 15, 2018, 12:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.