Recently, I have been on a systems integration project, using an API centric platform (Mulesoft), which means we have many applications involved in each integration activity.
One of the issues we are struggling with is disparate logging, and following the bouncing ball through all the applications, and separating the noise from the critical / actionable information.
Our plan is to use Graylog as central log management application.
We would send the logs from each application to Graylog, including the correlation IDs.
Given that there may be many logs in a given integration ( same correlation ID ), we want to trigger an alert / notification when a defined error condition occurs, and include all related log messages (same correlation ID).
This means including log messages both before and after the actual log message containing the trigger condition.
Can someone point me to how this is usually done Graylog ?