I’m curious what others have decided on as best practices for their log capture. For example:
application_log for log entries from apps
access_log for http access entries
windows_event_log for windows event log entries
set to the name of an application for their application logs and access logs
normalized into uppercase and one of ‘debug’, ‘info’, ‘warning’ or ‘error’ (no severe, fatal, etc.)
set to the original log message before manipulating it with pipeline rules
I’m curious what others have settled on as their own best practices.