Working with logs

duck · March 1, 2021, 9:02am

We're building a logging system for our project. We want to see almost everything as a log like Docker, application console etc. Since we're growing up, we do not want to make mistake about logs(wrong scheme, indexing, querying etc.)

There are few questions in my mind,

After some times, log file size will grow up and be a problem. What should we do about it?
We want to log user actions like when they purchase something or their message logs etc. For that purpose, what should we do? Should we save their message logs with timestamp to Elasicearch?
We want to analyze everything. Should we use timestamp for every document?

I'd like to hear your ideas. Thanks!

warkolm · March 2, 2021, 2:19am

Use [ILM]ILM: Manage the index lifecycle | Elasticsearch Guide [8.11] | Elastic).
Yes, that's a log
If it's time based data then 100% you should

If we're being honest, you will make a mistake. There's no way to make something completely, 100% correct. You're better off making your system and process resilient to changes.

Topic		Replies	Views
Indexing best practice Elasticsearch	4	679	December 23, 2020
ElasticSearch log management Elasticsearch	4	400	July 6, 2017
Increased log retention for set of logs within an index Elasticsearch	4	468	September 5, 2022
Best practice in elasticsearch idnex Elasticsearch	6	335	September 15, 2021
Elasticsearch for mid/long term storage Elasticsearch	8	5210	July 6, 2017

Working with logs

Related topics