Kibana allows us to browse data indexed in Elasticsearch nodes. We’re going to run Kibana in a Docker container and set up its configuration so it displays logs from our example Spring Boot app.
Why should we learn how to process application logs with Elastic Stack? After all, the default logging mechanism in Spring Boot allows us to start working on our POC in no time. However, we must be aware that inadequate logging makes debugging and monitoring difficult in a production environment.
The default minimum and maximum heap size used by Elasticsearch is set to 1GB. I want to show you how you can modify this value when running the service with Docker.
We don’t want to allocate too much space for our log files. Let’s see how we can manage their lifespan.
Apart from having logs displayed directly in the console, we can configure our Spring Boot project to write log entries into files. This not only allows us to easily store and share logs for debugging, but can also be the first step towards browsing them in Kibana.
When dealing with an exception stack trace, we not only have to construct a separate match for our grok filter but also make sure that all of its lines are treated as one entry.
I want to show you some issues that I encountered while applying the Grok filter plugin on logs. Most of my problems resulted from overusing the GREEDYDATA pattern (.*). I tested my solutions with the Grok Debugger app where you can also find the list of available patterns.