I’m curious what others have decided on as best practices for their log capture. For example:
‘type’ -
application_log for log entries from apps
access_log for http access entries
windows_event_log for windows event log entries
‘application’ -
set to the name of an application for their application logs and access logs
‘loglevel’ -
normalized into uppercase and one of ‘debug’, ‘info’, ‘warning’ or ‘error’ (no severe, fatal, etc.)
‘original_message’ -
set to the original log message before manipulating it with pipeline rules
I’m curious what others have settled on as their own best practices.