Centralized Logging Patterns

Most organizations feel the need to centralize their logs — once you have more than a couple of servers or containers, ssh and tail will not serve you well any more. However, achieving that is often a struggle.

In this talk, Philipp presents a simple Java application and multiple logging patterns with their advantages and disadvantages, so you can pick the one that fits your organization best:

  • Parse: Take the log files of your applications and extract the relevant pieces of information.
  • Send: Add a log appender to send out your events directly without persisting them to a log file.
  • Structure: Write your events in a structured file, which you can then centralize.
  • Containerize: Keep track of short-lived containers and configure their logging correctly.
  • Orchestrate: Stay on top of your logs even when services are short-lived and dynamically allocated on Kubernetes.

While the general patterns are applicable with any centralized logging system, each has its own demo with the Elastic Stack (previously called ELK Stack), so you can easily try out the different approaches in your environment.

Epilogue

Watch the video on YouTube (and don't forget to like and sub... ah, you know the drill).

Speaker

Philipp Krenn

Web, infrastructure, and database engineer turned developer advocate at Elastic, lives to demo technology