...
Let's explain each field:
- [log_id] : the log id, which must be . This id IS UNIQUE per time event, per facet value and per facet field. The time event, which is "daily" by default, corresponds to the unit that will be used to visualize the data in Kibana. For example, with the default "daily" unit, you will have one Elasticsearch document per facet value and field, per day, in order to exploit those logs with ELK. If you set the time event unit to "hourly", you will have one Elasticsearch document per facet value and field, per hour. The time event unit can be changed in the code.
- [timestamp] : the timestamp of the log. It is formatted and may differ from the log4j timestamp, so it is mandatory.
- [num_doc] : the number of documents found according to the facet
- [facet_value] : the facet value
- [facet_field] : the facet field used, in relation with the facet value
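To make the uniqueness rule concrete, here is an added example (not the project's own code) that derives the log id from the time event unit, the facet field and the facet value, and shows how the same facet logged several times in one day collapses into a single document under the "daily" unit but not under "hourly". The id layout (`bucket|field|value`), the timestamp formats and the sample events are assumptions constructed for this illustration.

```python
from datetime import datetime

# Assumed time event units and the timestamp truncation used for each.
# The real unit is configured in the code, as the text above says.
UNITS = {"daily": "%Y-%m-%d", "hourly": "%Y-%m-%d-%H"}


def time_bucket(ts: datetime, unit: str = "daily") -> str:
    """Truncate a log timestamp to the configured time event unit."""
    return ts.strftime(UNITS[unit])


def log_id(ts: datetime, facet_field: str, facet_value: str, unit: str = "daily") -> str:
    """One id per (time bucket, facet field, facet value).

    Assumed id layout: every event that falls in the same bucket for the same
    facet maps to the same Elasticsearch document instead of a new one.
    """
    return f"{time_bucket(ts, unit)}|{facet_field}|{facet_value}"


def aggregate(events, unit: str = "daily") -> dict:
    """Build the per-document records with the five fields described above.

    events: iterable of (timestamp, facet_field, facet_value, num_doc).
    A later event for the same id overwrites the earlier one, so each document
    keeps the most recent count seen for that facet in that time bucket.
    """
    docs = {}
    for ts, field, value, num_doc in events:
        lid = log_id(ts, field, value, unit)
        docs[lid] = {
            "log_id": lid,
            "timestamp": time_bucket(ts, unit),
            "num_doc": num_doc,
            "facet_value": value,
            "facet_field": field,
        }
    return docs


# Constructed sample events: the "source" facet queried several times in a day.
SAMPLE_EVENTS = [
    (datetime(2024, 5, 1, 9, 15), "source", "web", 120),
    (datetime(2024, 5, 1, 14, 40), "source", "web", 125),
    (datetime(2024, 5, 1, 9, 20), "source", "db", 40),
    (datetime(2024, 5, 2, 9, 0), "source", "web", 130),
]

if __name__ == "__main__":
    for unit in UNITS:
        docs = aggregate(SAMPLE_EVENTS, unit)
        print(f"{unit}: {len(docs)} document(s)")
        for doc in docs.values():
            print("  ", doc)
```

With the "daily" unit the four sample events produce three documents (the two "web" events of 1 May share one id), while "hourly" yields four; the `num_doc` of the collapsed document is the last value logged that day.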
...