Agent skill

log-aggregation

Implement centralized logging with ELK Stack, Loki, or Splunk for log collection, parsing, storage, and analysis across infrastructure.

Stars 151
Forks 20

Install this agent skill to your Project

npx add-skill https://github.com/aj-geddes/useful-ai-prompts/tree/main/skills/log-aggregation

SKILL.md

Log Aggregation

Overview

Build comprehensive log aggregation systems to collect, parse, and analyze logs from multiple sources, enabling centralized monitoring, debugging, and compliance auditing.

When to Use

  • Centralized log collection
  • Distributed system debugging
  • Compliance and audit logging
  • Security event monitoring
  • Application performance analysis
  • Error tracking and alerting
  • Historical log retention
  • Real-time log searching

Quick Start

Minimal working example:

yaml
# docker-compose.yml - ELK Stack setup
version: "3.8"

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:8.5.0
    environment:
      - discovery.type=single-node
      # Disables authentication and TLS on port 9200: suitable for a local
      # sandbox only; any shared or production deployment must keep security
      # enabled (see "Implement access controls" under Best Practices).
      - xpack.security.enabled=false
      # Caps the JVM heap so the node runs on a developer machine.
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ports:
      - "9200:9200"
    volumes:
      - elasticsearch_data:/usr/share/elasticsearch/data
    healthcheck:
      # The image ships curl; a non-200 or connection failure marks the node unhealthy.
      test: curl -s http://localhost:9200 >/dev/null || exit 1
      interval: 10s
      timeout: 5s
      retries: 5

  logstash:
    image: docker.elastic.co/logstash/logstash:8.5.0
    volumes:
      # Pipeline definition supplied alongside the compose file.
      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf
    ports:
# ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

  • ELK Stack Configuration
  • Logstash Pipeline Configuration
  • Filebeat Configuration
  • Kibana Dashboard and Alerts
  • Loki Configuration (Kubernetes)
  • Log Aggregation Deployment Script

Best Practices

✅ DO

  • Parse and structure log data
  • Use appropriate log levels
  • Add contextual information
  • Implement log retention policies
  • Set up log-based alerting
  • Index important fields
  • Use consistent timestamp formats
  • Implement access controls

❌ DON'T

  • Store sensitive data in logs
  • Log at DEBUG level in production
  • Send raw unstructured logs
  • Ignore storage costs
  • Skip log parsing
  • Leave the logging system itself unmonitored
  • Store logs forever
  • Log PII without encryption
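The Quick Start compose file mounts a ./logstash.conf that the excerpt does not show. The pipeline below is an example written for this page, not one of the skill's reference guides, and it applies the DO/DON'T items above in Logstash's own configuration language: events are parsed into fields with grok, the application's timestamp becomes a UTC @timestamp, DEBUG events are dropped, e-mail addresses and card numbers are redacted before storage, contextual fields are added, and each day gets its own index so retention is a matter of deleting or ILM-managing old indices. Assumptions: Filebeat ships to port 5044, Elasticsearch is reachable at the compose service name, and application lines look like the constructed sample in the leading comment (the service name "payment-api" and the "app-logs" index prefix are placeholders).

```conf
# logstash.conf (example pipeline written for this page, not the skill's own file).
# Assumed input line format, constructed sample:
#   2024-03-01T12:00:00.123Z ERROR payment-api - charge failed user=alice@example.com card=4111111111111111

input {
  beats {
    port => 5044
  }
}

filter {
  # Structure the raw line into named fields so queries filter on
  # level/service instead of running regexes over message text.
  grok {
    match => {
      "message" => "%{TIMESTAMP_ISO8601:log_ts} %{LOGLEVEL:level} %{NOTSPACE:service} - %{GREEDYDATA:msg}"
    }
    tag_on_failure => ["_grokparsefailure"]
  }

  # Use the application's own timestamp, normalised to UTC, as @timestamp so
  # events from different hosts and time zones sort consistently.
  date {
    match => ["log_ts", "ISO8601"]
    target => "@timestamp"
    timezone => "UTC"
    remove_field => ["log_ts"]
  }

  # Do not index DEBUG chatter from production.
  if [level] == "DEBUG" {
    drop { }
  }

  mutate {
    # Redact personal data before it reaches storage: e-mail addresses and
    # 13-19 digit card numbers inside the free-text message. The field is
    # kept so the event stays searchable; only the sensitive token is replaced.
    # (Backslashes are passed through to the regex engine with Logstash's
    # default config.support_escapes=false.)
    gsub => [
      "msg", "[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}", "[REDACTED_EMAIL]",
      "msg", "\b\d{13,19}\b", "[REDACTED_CARD]"
    ]
    # Contextual fields: which pipeline produced the event and which environment.
    add_field => {
      "[event][pipeline]" => "app-logs"
      "[labels][env]"     => "production"
    }
  }

  # Surface Filebeat's host name as a short top-level field for dashboards.
  if [host][name] {
    mutate {
      copy => { "[host][name]" => "hostname" }
    }
  }
}

output {
  # Lines grok could not parse go to their own daily index so they are not
  # lost but do not pollute the structured index or break its field mapping.
  if "_grokparsefailure" in [tags] {
    elasticsearch {
      hosts => ["http://elasticsearch:9200"]
      index => "app-logs-unparsed-%{+YYYY.MM.dd}"
    }
  } else {
    # One index per day: retention becomes deleting old indices or attaching
    # an ILM policy to the "app-logs-*" pattern.
    elasticsearch {
      hosts => ["http://elasticsearch:9200"]
      index => "app-logs-%{+YYYY.MM.dd}"
    }
  }
}
```

For the constructed sample line, the stored event carries level "ERROR", service "payment-api", msg "charge failed user=[REDACTED_EMAIL] card=[REDACTED_CARD]" and an @timestamp of 2024-03-01T12:00:00.123Z, and it lands in the app-logs-2024.03.01 index. Check the redaction patterns against your own log formats before relying on them: a gsub only covers the shapes it matches, so the stronger control remains not writing secrets and PII into log messages in the first place.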
