Amir Katz
Reputation: 1037
Standardize log data in ELK - Elastic Logstash Kibana
I'm using ELK for log managment.
What is the best practice for manage log level. In one log its lower case at the other its bigger case.
Where is the best place to resolve this?
- At the logstash?
- At Elastic DB?
- Kibana while execute the query?
And how?
Upvotes: 0
Views: 857
Answers (1)
Alain Collins
Reputation: 16362
Two suggestions:
- normalize the string value. Whether it's "DEBUG", "Debug" or "debug" is up to you.
- add a numerical equivalent.
This way, you can run queries like: "severity_num:<=3" to get the bad stuff and then use the string "severity" field in the display.
More details here.
Upvotes: 2
Related Questions
- Spring Boot - How to log all requests and responses with exceptions in single place?
- Kibana Not Showing Any Logs (ELK Stack)
- Filebeat unable to send data to logstash which results in empty data in elastic & kibana
- How to buffer logstash logs to elastic search
- ELK Stack - Elasticsearch index creation (logstash)
- ELK - Filtering data with Logstash
- What is better: logStash agents on the appserver or the remote kibana server?