I am a newbie on ELK and I have done a simple integration with the cloud product (very easy to use).
The problem started when I tried to ship the logs with the new ECS (Elastic Common Schema) and I was lost.
I have custom logs. Filebeat automatically added my log to the message property and filled in several fields automatically.
My question is whether the best practice in my case is to create a new log file that fits ECS or to use Logstash to convert my current log into ECS.
I have several logs on the same server that I would like to send to Elastic, which is another thing: do I have to use the same index, or is it better to use a different index for different logs?
I honestly don't know where to start. I need some help here.
I read it and saw a few videos and webinars related to this topic and to the Elastic Stack in general.
Unfortunately I still don't know what will be best here.
Let's say I have a few log files (I work with Node.js):
Custom logs for all events in the system (every entry point and the result); let's call it myMessage.
myMessage contains:
start time
time to process
request payload
response payload
ip and metadata
Statistics: for example, every 10 minutes we have the count of live sessions
General logs
Now the questions are:
Assuming I need some of the request payload fields to be indexed and not just stored as text, because I need to create dashboards from these details: is the best approach to adjust all the fields to the ECS schema? Is there any convention for doing it? What about data that does not fit ECS well, for example message in ECS is text, or other fields?
Can general logs be sent to a different index? For this use case, when I don't need to visualize, I can just send all my logs as text to another index.
Should statistics logs be sent in the same way? I do want to visualize them.
Hope it makes sense. I really want to start with that and get the benefit of using the ELK stack.
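The following is an added example, not code from the original post, showing one way to answer the "create a new log file that fits ECS" option from a Node.js application: the app emits its myMessage and statistics records already shaped as ECS documents (one JSON object per line, which Filebeat's ndjson parsing can ship as-is). The input record shape (startTime, processingMs, request, response, ip, etc.) and the custom namespace name myapp are assumptions based on the fields listed above; the ECS field names used (@timestamp, event.start, event.end, event.duration in nanoseconds, event.dataset, client.ip, http.request.body.content, http.response.status_code, url.path) are real ECS fields. Because request and response payloads are copied verbatim into the document, the example also redacts credential-like keys before they leave the host, which is the check a security practitioner would want in place before payloads are indexed.

```javascript
// Added example: shape custom Node.js log records as ECS documents.
// Assumptions: record field names below, the "myapp" custom namespace, and
// the ECS version string are illustrative, not from the original post.

const ECS_VERSION = '8.11.0'; // assumption: pin to whichever ECS version you map against

// Keys whose values must never be shipped to the index (assumed list; extend for your app).
const SENSITIVE_KEYS = new Set(['password', 'token', 'authorization', 'cookie', 'secret']);

// Recursively replace sensitive values so full payloads can be indexed safely.
function redact(value) {
  if (Array.isArray(value)) return value.map(redact);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [key, inner] of Object.entries(value)) {
      out[key] = SENSITIVE_KEYS.has(key.toLowerCase()) ? '[REDACTED]' : redact(inner);
    }
    return out;
  }
  return value;
}

// Map a myMessage-style request record onto ECS fields.
// Anything with no ECS equivalent goes under the custom "myapp" namespace so it
// can never collide with an ECS field of a different type.
function toEcsRequest(record) {
  const start = new Date(record.startTime);
  const end = new Date(start.getTime() + record.processingMs);
  return {
    '@timestamp': start.toISOString(),
    ecs: { version: ECS_VERSION },
    message: `${record.method} ${record.path} -> ${record.statusCode}`,
    event: {
      kind: 'event',
      category: ['web'],
      type: ['access'],
      dataset: 'myapp.request',      // lets the three log types share an index yet stay separable
      start: start.toISOString(),
      end: end.toISOString(),
      duration: Math.round(record.processingMs * 1e6), // ECS event.duration is nanoseconds
      outcome: record.statusCode >= 500 ? 'failure' : 'success',
    },
    client: { ip: record.ip },
    url: { path: record.path },
    user_agent: { original: record.userAgent },
    http: {
      request: { method: record.method, body: { content: JSON.stringify(redact(record.request)) } },
      response: { status_code: record.statusCode, body: { content: JSON.stringify(redact(record.response)) } },
    },
    myapp: { session_id: record.sessionId, tenant: record.tenant },
  };
}

// Map the periodic "live sessions" statistic onto ECS: a metric, not an access event.
function toEcsStats(record) {
  return {
    '@timestamp': new Date(record.timestamp).toISOString(),
    ecs: { version: ECS_VERSION },
    message: `live sessions: ${record.liveSessions}`,
    event: { kind: 'metric', dataset: 'myapp.stats' },
    myapp: { sessions: { live: record.liveSessions } },
  };
}

// Serialize documents as newline-delimited JSON, one document per line.
function toNdjson(docs) {
  return docs.map((d) => JSON.stringify(d)).join('\n') + '\n';
}

// Constructed sample records (not real traffic) to exercise the mapping.
const sampleRequest = {
  startTime: '2024-03-01T10:00:00.000Z',
  processingMs: 120,
  method: 'POST',
  path: '/api/login',
  statusCode: 200,
  ip: '203.0.113.7',
  userAgent: 'curl/8.4.0',
  sessionId: 'abc123',
  tenant: 'acme',
  request: { user: 'alice', password: 'hunter2' },
  response: { ok: true, token: 'eyJhbGciOi...' },
};
const sampleStats = { timestamp: '2024-03-01T10:10:00.000Z', liveSessions: 42 };

console.log(toNdjson([toEcsRequest(sampleRequest), toEcsStats(sampleStats)]));
```

With this shape the question of one index versus several becomes a routing decision rather than a mapping one: every document already carries event.dataset, so the three log types can share an index (or data stream) and still be filtered in dashboards, or Filebeat can route on that field to separate indices if their retention needs differ.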