Discuss the Elastic Stack

What is the best way to index of documents when aggregating logs?

Elastic Stack Elasticsearch

zacscoding (Zac Coding) August 19, 2017, 7:47pm 1

I want to use on elasticsearch for saving access log datas from WEB APP or Database

Web app logs and Database logs have difference fields respectively.
for example,
was-access log :
"url" : xxx,
"session-id" : xxx,
"status-code" : xxx,
...
db-access log :
"query" : xxx
...

So, i thought 2 ways to save access logs.

first :
(access datas from WEB APP)
index : was-access
type : logs
fields..
(access datas from DB)
index : db-access
type : logs
fields..
second :
index : 2017-08-20 (i.e created index everyday)
type : was-access || db-access
fields..

what is the best way to save datas?

warkolm (Mark Walkom) August 19, 2017, 9:13pm 2

If they are different formats, then different indices is the best option.

zacscoding (Zac Coding) August 21, 2017, 1:16am 3

thx for reply : )

that is my second focus about my question

The first is that it is best option to save index for every day.

for example
first option :
index : 2017-08-21
type : was
format..

index : 2017-08-20
type : was
format..

second option :
index : was
format..

what is the better option ??

warkolm (Mark Walkom) August 21, 2017, 2:02am 4

We recommend time based indices, but daily or not depends on the volumes that you are ingesting.

zacscoding (Zac Coding) August 22, 2017, 1:09am 5

thx for reply
It will be great idea to implement my app

system (system) Closed September 19, 2017, 1:09am 6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

© 2020. All Rights Reserved - Elasticsearch

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.