# What is Log Aggregation?

* It's a way of collecting application logs from many different services, tagging each message with searchable fields, and making the whole set searchable from a single dashboard

### Popular Open Source Option: ELK

<figure><img src="https://3885248957-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FoE4wMO1dMVDOGDjh0En7%2Fuploads%2FA4RQPeakNGQlj7ab6waP%2Fimage.png?alt=media&#x26;token=b4420606-9902-4ebd-a422-e91ffda80d32" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3885248957-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FoE4wMO1dMVDOGDjh0En7%2Fuploads%2FCGPCVuTcE4KXY4UkZNar%2Fimage.png?alt=media&#x26;token=091a0bb7-a7c3-45af-829d-c0f8e39e5575" alt=""><figcaption></figcaption></figure>

#### Logstash:

* Receives all the log messages from the services
* Parses each message into fields and uses each field as a tag (let's say, `time`, `user`, `what the user did`)
* Does not store the messages itself; it forwards the parsed messages to Elasticsearch

<figure><img src="https://3885248957-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FoE4wMO1dMVDOGDjh0En7%2Fuploads%2FH0KHI7zvGRPUQYVkpetO%2Fimage.png?alt=media&#x26;token=00b5f9f2-bfa8-465e-a398-00ce012fab77" alt=""><figcaption></figcaption></figure>

#### Elasticsearch

* Efficient search database that indexes everything Logstash sends it, so it can be queried by field and by time range

#### Kibana

* You, as the admin, connect to Kibana
* Kibana queries Elasticsearch (the DB) on your behalf
* You get back the results needed to identify the fault

### How to use ELK to diagnose a PROD problem?

* Report: a user saw error code 12345 when they tried to do action "x"
* With ELK set up, all we have to do is go to Kibana and query recent logs for 12345
* That might give us the name of the service that emitted it: "backend"
* Then we narrow the time range to the five-second interval around the error and filter for log messages emitted by either the backend or the database
* Finally, we read those log messages to find the context for the bug
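The triage steps above, worked through offline as an added example (this is not code from the original page or from the ELK project): a small parser splits raw lines into fields the way a Logstash filter would, then the error code is looked up, the emitting service is read off the hit, and the surrounding five seconds are filtered down to the backend and database. The log format, the field names (`time`, `service`, `level`, `user`, `code`, `message`), the `@timestamp`/`service` field names assumed in the Elasticsearch query, and the sample lines are all constructed for illustration.

```python
"""Offline walk-through of the ELK triage steps: parse raw lines into fields
(what Logstash does), find the error code, then narrow to a time window and a
set of services (what you would do in Kibana).

Added example, not from the original page. The log format, field names and
sample lines below are constructed for illustration.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed line format: "<ISO time> <service> <LEVEL> user=<id> code=<n> <message>"
LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<service>\S+) (?P<level>[A-Z]+) "
    r"user=(?P<user>\S+) code=(?P<code>\d+) (?P<message>.*)$"
)

# Constructed sample lines from three services (not real application logs).
RAW_LOGS = """\
2024-03-01T10:00:00Z frontend INFO user=alice code=0 GET /orders
2024-03-01T10:00:01Z backend INFO user=alice code=0 loading orders for alice
2024-03-01T10:00:02Z database WARN user=alice code=0 slow query: SELECT * FROM orders (4100 ms)
2024-03-01T10:00:03Z backend ERROR user=alice code=12345 timeout talking to database
2024-03-01T10:00:03Z frontend ERROR user=alice code=12345 request failed
2024-03-01T10:00:20Z backend INFO user=bob code=0 loading orders for bob
2024-03-01T10:00:21Z database INFO user=bob code=0 query ok (12 ms)
"""


def parse_line(line):
    """Split one raw line into tagged fields, as a Logstash filter would."""
    m = LINE_RE.match(line)
    if not m:
        return None  # an unparseable line should be tagged for review, not silently lost
    ev = m.groupdict()
    ev["time"] = datetime.strptime(ev["time"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    ev["code"] = int(ev["code"])
    return ev


def parse_logs(text):
    return [ev for ev in (parse_line(line) for line in text.splitlines()) if ev]


def find_error(events, code):
    """Step 1: query for the error code; the 'service' field of each hit names the emitter."""
    return [e for e in events if e["code"] == code]


def context_window(events, center, seconds=5, services=None):
    """Step 2: keep only events within +/- `seconds` of the error, optionally from given services."""
    lo, hi = center - timedelta(seconds=seconds), center + timedelta(seconds=seconds)
    return [e for e in events
            if lo <= e["time"] <= hi and (services is None or e["service"] in services)]


def es_query(center, seconds=5, services=("backend", "database")):
    """The same narrowing as an Elasticsearch query body (assumes the index stores
    the timestamp as '@timestamp' and the emitter as 'service')."""
    lo, hi = center - timedelta(seconds=seconds), center + timedelta(seconds=seconds)
    return {
        "query": {"bool": {"filter": [
            {"range": {"@timestamp": {"gte": lo.isoformat(), "lte": hi.isoformat()}}},
            {"terms": {"service": list(services)}},
        ]}},
        "sort": [{"@timestamp": "asc"}],
    }


def triage(text, code=12345, seconds=5):
    """Full walk-through: find the code, learn the service, read the surrounding context."""
    events = parse_logs(text)
    hits = find_error(events, code)
    if not hits:
        return None
    first = hits[0]
    ctx = context_window(events, first["time"], seconds, services={first["service"], "database"})
    return {"service": first["service"], "when": first["time"], "context": ctx}


if __name__ == "__main__":
    result = triage(RAW_LOGS)
    print("culprit:", result["service"], "at", result["when"].isoformat())
    for e in result["context"]:
        print(e["time"].isoformat(), e["service"], e["level"], e["message"])
```

Run it and the context window shows the slow `database` query immediately before the `backend` timeout, which is exactly the kind of causal chain the Kibana search is meant to surface; the `es_query` body is what Kibana sends for the same time-range-plus-service filter.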

### Bonus: Add log aggregation as an extra test

* Could be useful to see whether any error messages come back from running the stack: bring up the application and ELK, run the test suite, then query Elasticsearch for what was indexed (Elasticsearch takes a while to start, so give it time to come up before querying)

```docker
FROM vm/ubuntu:18.04

# start the application stack and the ELK stack in the background
RUN docker-compose up -d
RUN docker-compose -f elk.yml up -d
# -T: no TTY allocation, needed when this runs non-interactively in CI
RUN docker-compose exec -T web npm run test
# dump what Elasticsearch indexed (curl's proxy flag is -x; the request method flag is -X)
RUN docker-compose exec -T elasticsearch curl -s -X GET 'http://localhost:9200/logs/_search'
```

### Options for log aggregation platforms:

* ELK
* Fluentd
* DataDog
* LogDNA
* AWS CloudWatch Logs
