I have about 5 apps to monitor using log parsing with ELK.
Does it make sense to create a new index for each application log, or is only one index sufficient to store all app logs? The logs for these apps would also contain ERROR and WARNING fields, which would help visualize errors and warnings separately in a great way.
Thanks
Welcome to our community!
Are they all the same format, or very different?
Some are access logs, some are Airflow logs and Hadoop logs, etc.
It's a good idea to group logs that share the same structure, and you can use ECS to reformat them if you'd like.