Get startededit

ECS logging for PHP is currently only available for Monolog v2.*.

Step 1: Set up application loggingedit

Add the dependencyedit

composer require elastic/ecs-logging

Configure Monolog loggeredit

Elastic\Monolog\v2\Formatter\ElasticCommonSchemaFormatter implements Monolog’s FormatterInterface and thus it can be used when setting up Monolog logger.

For example:

use Monolog\Logger;
use Monolog\Handler\StreamHandler;
use Elastic\Monolog\Formatter\ElasticCommonSchemaFormatter;

$log = new Logger('MyLogger');
$handler = new StreamHandler('php://stdout', Logger::DEBUG);
$handler->setFormatter(new ElasticCommonSchemaFormatter());
$log->pushHandler($handler);

$log->warning('Be aware that...');

Logs the following JSON to standard output:

{"@timestamp":"2021-02-07T18:08:07.229676Z","log.level":"WARNING","message":"Be aware that...","ecs.version":"1.2.0","log":{"logger":"MyLogger"}}

Additionally, it allows for adding additional keys to messages.

For example:

$log->info('My message', ['labels' => ['my_label_key' => 'my_label_value'], 'trace.id' => 'abc-xyz']);

Logs the following (multi-line formatted for better readability):

{
    "@timestamp": "2021-02-08T06:36:38.913824Z",
    "log.level": "INFO",
    "message": "My message",
    "ecs.version": "1.2.0",
    "log": {
        "logger": "MyLogger"
    },
    "labels": {
        "my_label_key": "my_label_value"
    },
    "trace.id": "abc-xyz"
}

Step 2: Configure Filebeatedit

  1. Follow the Filebeat quick start
  2. Add the following configuration to your filebeat.yaml file.

filebeat.yaml.

filebeat.inputs:
- type: log
  paths: /path/to/logs.json
  json.keys_under_root: true
  json.overwrite_keys: true
  json.add_error_key: true
  json.expand_keys: true

For more information, see the Filebeat reference.