...

With the same REST API, you can index logs directly from your application, or you can craft your own "log sender". 

NOTE:
If you are sending logs from your application, use the Elasticsearch HTTP API. If you are sending logs from a Java application, use a library like log4j2-elasticsearch-http or Jest instead of the Elasticsearch TransportClient.


Besides specifying your Logsene app token as the index name, it helps to include a field named "@timestamp". Its value should be a valid ISO 8601 timestamp. This field is used for searching and sorting when/if you use Kibana with Logsene. If you don't provide a timestamp, Logsene will add one when it receives your message.
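As an added example (not Logsene's or this page's own code), the sketch below shows what a small custom "log sender" would prepare before posting: an Elasticsearch bulk-API body that uses the app token as the index name and normalizes "@timestamp" to ISO 8601. The function names, the optional `doc_type` parameter, the placeholder token and the sample events are assumptions made for illustration; the code only builds the payload and does not send it.

```python
import json
from datetime import datetime, timezone


def iso8601(ts):
    """Normalize epoch seconds, a datetime, or an ISO string to ISO 8601 UTC."""
    if isinstance(ts, (int, float)):
        dt = datetime.fromtimestamp(ts, tz=timezone.utc)
    elif isinstance(ts, datetime):
        dt = ts
    else:
        text = str(ts).strip()
        if text.endswith("Z"):  # older fromisoformat() rejects a trailing "Z"
            text = text[:-1] + "+00:00"
        dt = datetime.fromisoformat(text)  # ValueError if not ISO 8601
    if dt.tzinfo is None:  # assumption: naive values are already UTC
        dt = dt.replace(tzinfo=timezone.utc)
    stamp = dt.astimezone(timezone.utc).isoformat(timespec="milliseconds")
    return stamp.replace("+00:00", "Z")


def build_bulk_body(token, events, doc_type=None):
    """Build an Elasticsearch bulk body (NDJSON) with the token as index name."""
    meta = {"_index": token}
    if doc_type:  # older Elasticsearch versions expect a document type
        meta["_type"] = doc_type
    lines = []
    for event in events:
        doc = dict(event)
        if "@timestamp" in doc:
            doc["@timestamp"] = iso8601(doc["@timestamp"])
        # Without "@timestamp" the receiver stamps the event on arrival.
        lines.append(json.dumps({"index": meta}))
        lines.append(json.dumps(doc))
    return "\n".join(lines) + "\n"  # a bulk body must end with a newline


if __name__ == "__main__":
    # Constructed sample events and a placeholder token (not a real one).
    sample = [
        {"@timestamp": 1433154600, "message": "login ok", "user": "alice"},
        {"@timestamp": "2015-06-01T12:30:00+02:00", "message": "login failed"},
        {"message": "no timestamp supplied"},
    ]
    print(build_bulk_body("YOUR-LOGSENE-APP-TOKEN", sample), end="")
```

Because the app token is what routes events into your Logsene app, pass it in from configuration or the environment rather than committing it alongside the sender's source.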

...

If the default log index fields (also known as the index mapping) don't fit your needs, you can create a completely custom index mapping. See Custom Logsene Mapping Template How-To for details. Note that if you have N different log structures, the best way to handle that is by creating N Logsene Apps, each with its own index mapping. For example, you may have web server logs, your system logs in /var/log/messages, and your custom application logs. Each of these 3 types of logs has a different structure. The web server logs probably use Apache Common Log format, the logs in /var/log/messages have syslog structure, and your own application's logs can be in any format your application happens to use. To handle all 3 log formats elegantly, simply create 3 separate Logsene Apps and use a different format for each of them.

...