"Type" is a logical field in Elasticsearch that is used to separate different documents from one another.
In a nutshell, Logz.io has been designed around the "type" field, so you will have an optimal experience when you use this field properly.
How should I choose my type?
You should always choose the type by log format, and not source.
- If you have 5 Apache servers, you will choose "type" as apache_access, and not apache_access1, apache_access2... and so on.
- By the same token, if you have an Apache server and an nginx server, you don't want to choose "serverlogs" as the "type" for both.
In addition, most log shippers also let you add extra parameters, so you can use those parameters to identify the environment by name if needed.
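The rule above as a shipper configuration. This is an added example, not taken from the original page or from Logz.io's documentation. It assumes Filebeat as the shipper; the file paths, input ids, the `env` field name, the `nginx_access` type name, the `logzio_codec` setting and the token placeholder are all assumptions for illustration, and the output section is omitted.

```yaml
# Added example (assumed shipper: Filebeat). Every Apache server ships with the
# same type; the environment goes in a separate field, not in the type.
filebeat.inputs:
  # Note: "type" directly under an input is Filebeat's input kind.
  # The Logz.io "type" is the one set under "fields".
  - type: filestream
    id: apache-access                    # assumed input id
    paths:
      - /var/log/apache2/access.log      # assumed path
    fields:
      logzio_codec: plain                # assumed codec setting
      token: "<<LOG-SHIPPING-TOKEN>>"    # placeholder, not a real token
      type: apache_access                # by format: identical on all 5 servers
      # avoid: apache_access1, apache_access2, ... (type chosen by source)
      env: production                    # assumed extra parameter for the environment
    fields_under_root: true              # puts type/env at the top level of the event

  - type: filestream
    id: nginx-access                     # assumed input id
    paths:
      - /var/log/nginx/access.log        # assumed path
    fields:
      logzio_codec: plain
      token: "<<LOG-SHIPPING-TOKEN>>"
      type: nginx_access                 # assumed name; a different format gets its own type
      # avoid: serverlogs for both Apache and nginx (two formats in one type)
      env: production
    fields_under_root: true
```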
What do I gain by properly using type with Logz.io?
- Easier to maintain and less room for error - if you are planning to scale and grow, you will have an easier time managing your logs long term
- That's how Logz.io identifies logs for Parsing
- If you want to parse your logs yourself, our Parsing Wizard will work by identifying your log type
- Logz.io can also parse some common log types out of the box and provide you with a richer logging experience
- Lastly, our support team can assist you with all of your parsing needs, but for that, we will need a type as well
- So help us optimize your experience: if you only work with one type, any time you make a change to your parsing, it could potentially affect other log formats in the same type
- Our Billing page shows you a breakdown of usage by Type
- Our Alerts page filters fields that are available by the Type
- Our ELK Apps (for pre-built Visualizations and Dashboards) identify your logs by Type
- Our Insights will label your logs by Type