Is there a common standard or recommendations or methodologies for the log format (which fields are needed) for ELK?
What is ELK?
ELK is the acronym for three open source projects: Elasticsearch, Logstash, and Kibana. (I had to look this up, I didn’t know.)
I can’t find anything outside the obvious (use 2023-09-05T10:00:00Z style ISO 8601 timestamps, include DEBUG/INFO/WARN/ERROR/FATAL log levels, include host name and IP address, include the app or service name, etc.).
This web page in the Elastic docs refers to the Common Log Format, but this page in the docs doesn’t say anything about any particular format.
I’d just use a format that is compatible with the log analysis tools you already use.
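As an added illustration of the field list in the reply above (this is example code, not anything from the thread or from Elastic), here is a small Python module that emits one JSON object per log line carrying exactly those fields (ISO 8601 UTC timestamp, level, host name, host IP, service name, message) and a validator that rejects lines missing them or carrying a malformed timestamp. The dotted key names (`@timestamp`, `log.level`, `host.name`, `host.ip`, `service.name`, `message`) are the Elastic Common Schema (ECS) names for these fields; the thread itself does not mention ECS, so treating them as the target is an assumption made here. The sample lines, host name `app01`, address `10.0.0.5` and service `auth-api` are constructed for the example.

```python
"""Structured JSON log lines carrying the fields listed in the reply above."""
import json
import logging
import re
import socket
from datetime import datetime, timezone

# Key names follow Elastic Common Schema (ECS) dotted naming. The thread does
# not mention ECS; using its names here is an assumption for illustration.
REQUIRED_FIELDS = ("@timestamp", "log.level", "host.name", "host.ip",
                   "service.name", "message")
LEVELS = ("DEBUG", "INFO", "WARN", "ERROR", "FATAL")
# Python's logging uses WARNING/CRITICAL; map them to the thread's WARN/FATAL.
PY_LEVEL_TO_LEVEL = {"WARNING": "WARN", "CRITICAL": "FATAL"}
# ISO 8601 in UTC with a literal trailing Z and optional fractional seconds.
ISO8601_UTC = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d{1,9})?Z$")


def iso8601_utc(dt=None):
    """Format a datetime as 2023-09-05T10:00:00.000Z (UTC, millisecond precision)."""
    dt = (dt or datetime.now(timezone.utc)).astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond // 1000:03d}Z"


def make_event(level, message, service, host="app01", ip="10.0.0.5", when=None, **extra):
    """Build one event dict with the required fields plus any extra fields."""
    event = {
        "@timestamp": iso8601_utc(when),
        "log.level": level,
        "host.name": host,
        "host.ip": ip,
        "service.name": service,
        "message": message,
    }
    event.update(extra)
    return event


def validate_line(line):
    """Return a list of problems with one JSON log line; an empty list means it passes."""
    try:
        event = json.loads(line)
    except ValueError:
        return ["not valid JSON"]
    if not isinstance(event, dict):
        return ["top level is not an object"]
    problems = [f"missing {field}" for field in REQUIRED_FIELDS if field not in event]
    ts = event.get("@timestamp", "")
    if "@timestamp" in event and not ISO8601_UTC.match(str(ts)):
        problems.append(f"@timestamp not ISO 8601 UTC: {ts!r}")
    if "log.level" in event and event["log.level"] not in LEVELS:
        problems.append(f"unknown log.level {event['log.level']!r}")
    return problems


class JsonLineFormatter(logging.Formatter):
    """stdlib logging formatter that emits one JSON object per line in the shape above."""

    def __init__(self, service, host=None, ip=None):
        super().__init__()
        self.service = service
        self.host = host or socket.gethostname()
        self.ip = ip or "127.0.0.1"  # assumption: resolve the real address in your own setup

    def format(self, record):
        level = PY_LEVEL_TO_LEVEL.get(record.levelname, record.levelname)
        when = datetime.fromtimestamp(record.created, timezone.utc)
        event = make_event(level, record.getMessage(), self.service, self.host, self.ip,
                           when, **{"log.logger": record.name})
        if record.exc_info:
            event["error.stack_trace"] = self.formatException(record.exc_info)
        return json.dumps(event, separators=(",", ":"))


# Constructed sample lines: one well-formed, one with the truncated-year typo,
# one using ad hoc field names a collector would not map.
SAMPLE_LINES = [
    json.dumps(make_event("INFO", "login ok", "auth-api",
                          when=datetime(2023, 9, 5, 10, 0, tzinfo=timezone.utc))),
    '{"@timestamp":"023-09-05T10:00:00Z","log.level":"INFO","host.name":"app01",'
    '"host.ip":"10.0.0.5","service.name":"auth-api","message":"bad year"}',
    '{"timestamp":"2023-09-05 10:00:00","level":"WARNING","msg":"wrong field names"}',
]


def check_samples():
    """Validate every constructed sample line; returns one problem list per line."""
    return [validate_line(line) for line in SAMPLE_LINES]


if __name__ == "__main__":
    handler = logging.StreamHandler()
    handler.setFormatter(JsonLineFormatter("auth-api", host="app01", ip="10.0.0.5"))
    log = logging.getLogger("auth")
    log.addHandler(handler)
    log.setLevel(logging.DEBUG)
    log.warning("password retry limit reached for user=%s", "alice")
    for line, problems in zip(SAMPLE_LINES, check_samples()):
        print(problems or "ok", "<-", line)
```

Running the module prints one JSON line from the formatter and then the verdict for each sample: the first passes, the second is rejected for its three-digit year, and the third is rejected for lacking every required field. Elasticsearch expands dotted keys into nested objects on indexing, so `"host.name"` and `{"host":{"name":...}}` land in the same field; picking one spelling and validating it at the edge, as above, is what keeps Kibana dashboards from splitting across near-duplicate field names.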