I'm writing a shell tool that allows quickly logging messages without slowing down the shell. I stumbled upon Elasticsearch; it seems to be very good for this task, but I cannot find a solution to the following: How to keep the order that log messages have, and store it in Elasticsearch?
For example, if there were a field like MySQL's "id integer autoincrement", then logs would be correctly ordered. But maybe my direction is wrong, as ESearch seems to work with logs and I didn't see any "ordered id" mentions in docs and tutorials.
Ordering information is generally added client side when documents are indexed. Timestamps are often extracted and can help ordering events, but if you are using Filebeat to read data from files it also provides an offset within the file, which can be used to separate events with the same timestamp.
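The client-side approach from the answer above, as an added example that is not part of the original thread: each event carries a timestamp plus a per-session counter, which plays the same tie-breaking role as the Filebeat file offset. The field names `seq` and `session`, the index name `shell-logs` and the sample messages are assumptions made for illustration.

```python
import itertools
import json
import threading
import time


class OrderedLogger:
    """Attach ordering information on the client, before indexing."""

    def __init__(self, session, clock=time.time):
        self.session = session          # hypothetical field: one per shell
        self._clock = clock
        self._seq = itertools.count(1)  # monotonic counter, never reused
        self._lock = threading.Lock()

    def event(self, message):
        # Take the timestamp and the counter under one lock so that two
        # threads can never produce events whose order disagrees.
        with self._lock:
            return {
                "@timestamp": int(self._clock() * 1000),  # epoch millis
                "session": self.session,
                "seq": next(self._seq),                   # hypothetical field
                "message": message,
            }


def bulk_body(index, events):
    """Build the NDJSON payload for the Elasticsearch _bulk endpoint."""
    lines = []
    for ev in events:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(ev))
    return "\n".join(lines) + "\n"


# Sort clause for a search request: timestamp first, counter as tie-breaker.
SORT = [{"@timestamp": "asc"}, {"seq": "asc"}]


def sort_like_query(events):
    """Local equivalent of SORT, to check the ordering without a cluster."""
    return sorted(events, key=lambda e: (e["@timestamp"], e["seq"]))


def demo():
    # Constructed input: a frozen clock forces identical timestamps.
    log = OrderedLogger("shell-1", clock=lambda: 1700000000.0)
    events = [log.event(m) for m in ("cd /tmp", "ls", "rm a.txt")]
    arrived = events[::-1]  # indexing order need not match emit order
    return [e["message"] for e in sort_like_query(arrived)]
```

The counter orders events within one session only; comparing events from different shells still relies on the timestamp.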