流式处理应用程序日志

Elastic Stack Serverless

应用程序日志提供了对您的服务和应用程序中发生的事件的宝贵洞察。

日志的格式（结构化或纯文本）会影响您的日志摄取策略。

纯文本日志 vs. 结构化 Elastic Common Schema (ECS) 日志

日志通常以纯文本或结构化格式生成。纯文本日志仅包含文本，没有特殊格式，例如：

		2019-08-06T12:09:12.375Z INFO:spring-petclinic: Tomcat started on port(s): 8080 (http) with context path, org.springframework.boot.web.embedded.tomcat.TomcatWebServer
2019-08-06T12:09:12.379Z INFO:spring-petclinic: Started PetClinicApplication in 7.095 seconds (JVM running for 9.082), org.springframework.samples.petclinic.PetClinicApplication
2019-08-06T14:08:40.199Z DEBUG:spring-petclinic: init find form, org.springframework.samples.petclinic.owner.OwnerController

	

结构化日志遵循预定义的、可重复的模式或结构。此结构在写入时应用，避免了在摄取时进行解析的需求。Elastic Common Schema (ECS) 定义了一组通用的字段，用于结构化日志。此结构允许轻松摄取日志，并提供了在日志中的各个字段上进行关联、搜索和聚合的能力。

例如，当使用与 ECS 兼容的 JSON 进行结构化时，前面的示例日志可能如下所示：

		{"@timestamp":"2019-08-06T12:09:12.375Z", "log.level": "INFO", "message":"Tomcat started on port(s): 8080 (http) with context path ''", "service.name":"spring-petclinic","process.thread.name":"restartedMain","log.logger":"org.springframework.boot.web.embedded.tomcat.TomcatWebServer"}
{"@timestamp":"2019-08-06T12:09:12.379Z", "log.level": "INFO", "message":"Started PetClinicApplication in 7.095 seconds (JVM running for 9.082)", "service.name":"spring-petclinic","process.thread.name":"restartedMain","log.logger":"org.springframework.samples.petclinic.PetClinicApplication"}
{"@timestamp":"2019-08-06T14:08:40.199Z", "log.level":"DEBUG", "message":"init find form", "service.name":"spring-petclinic","process.thread.name":"http-nio-8080-exec-8","log.logger":"org.springframework.samples.petclinic.owner.OwnerController","transaction.id":"28b7fb8d5aba51f1","trace.id":"2869b25b5469590610fea49ac04af7da"}

	