Fork me on GitHub
#observability
<
2022-02-18
>
timo12:02:35

For my understanding: When I don't see the data part of log messages like (log/error "Foo" {:bar "baz"} parsed in elasticsearch but only as a string. Does it mean that the setup is wrong? Should I work on the parsing-config in e.g. logstash? Or is this the way it is?

lukasz14:02:32

I never used logstash, but I worked with fluentd and yes - you have to setup a parser on logstash side, and/or emit JSON from your application logs as well

👍 1
timo18:02:59

ok, actually it seems to me that we are using fluentd as well at my new job...will look into that. Thanks!

lukasz19:02:03

I'm sorry to hear that, it's not my fav piece of software :-(

lukasz19:02:20

we're prepping a POC with http://vector.dev

lukasz19:02:28

as we had way too many issues with fluentd

timo19:02:47

good to know...I would love to use ulog for application-logs anyway so that there is no need to go through fluentd or something similar anymore

lukasz19:02:39

It's still a good practice to have a collector (or forwarder sidecar) so that your app doesn't depend directly on your log storage - we run into a lot of issues when using logback and google cloud logging few years ago, so it was better to front it with something else

timo20:02:26

makes sense