Working with logs

duck · March 1, 2021, 9:02am

We're building a logging system for our project. We want to see almost everything as a log like Docker, application console etc. Since we're growing up, we do not want to make mistake about logs(wrong scheme, indexing, querying etc.)

There are few questions in my mind,

After some times, log file size will grow up and be a problem. What should we do about it?
We want to log user actions like when they purchase something or their message logs etc. For that purpose, what should we do? Should we save their message logs with timestamp to Elasicearch?
We want to analyze everything. Should we use timestamp for every document?

I'd like to hear your ideas. Thanks!

warkolm · March 2, 2021, 2:19am

Use [ILM]ILM: Manage the index lifecycle | Elasticsearch Guide [8.11] | Elastic).
Yes, that's a log
If it's time based data then 100% you should

If we're being honest, you will make a mistake. There's no way to make something completely, 100% correct. You're better off making your system and process resilient to changes.

system · March 30, 2021, 2:20am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Indexing best practice Elasticsearch	4	447	December 23, 2020
Is greates store logs into one indice or store in N small indices? Elasticsearch	5	293	July 29, 2021
Building Elasticsearch Project Elasticsearch	4	321	March 30, 2021
Best practise for index creation Elasticsearch	15	4836	December 25, 2017
Elasticsearch Index management strategy Elasticsearch docker	5	374	July 25, 2023

Working with logs

Related topics