ES is great not only for searching, but also for collecting/storing logs. By combining the system with Logstash and Kibana, you can create a powerful system for processing them. It is not necessary to use Logstash; Fluent Bit, Filebeat, Vector, or sending logs directly from the application via the ES API is quite sufficient. If there are a lot of logs, you can put a message broker in front of the parser.
Restrictions
It is not worth storing critical data (orders, payments, applications, etc.) in ES. It is better to use it as a data showcase for data that is plentiful and takes a long time to select from a relational DBMS.
There is no differentiation of rights at the application level. Elasticsearch has users and they can be assigned rights to individual indexes and operations in them (creating indexes, adding records to the index, reading from certain indexes). But it is impossible to implement the differentiation of rights as in an application (online store, portal, etc.) using ES. The role model at the application level can be very complex and it is not always possible (and necessary) to repeat the same at the database level (which is essentially what ES is). You can basically create something of your own, but it is unlikely that complex role models will be implemented properly.
Due to the lack of "normal" relationships, it will be necessary to create intermediate indexes with denormalized data.
There are no transactions as in a relational DBMS, which can lead to inconsistent data in indexes. If you need to ensure compliance with ACID requirements, you will have to implement them at the level of your application.
Elasticsearch for log management
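The index-level rights described above (creating indexes, adding records, reading from certain indexes), applied to a log pipeline, as an added example that is not part of the original post: role bodies in the shape the Elasticsearch role API (`PUT /_security/role/<name>`) accepts, plus a small lint for a role that should only append logs. The role names, the `logs-*` index pattern and the lint rules are assumptions made for this example.

```python
import json

# Role bodies as sent to PUT /_security/role/<name>.
# Role names and the "logs-*" pattern are assumptions for this example.
ROLES = {
    # Shipper (Filebeat, Fluent Bit, Vector or the application): append only.
    "log_shipper": {
        "cluster": ["monitor"],
        "indices": [{"names": ["logs-*"],
                     "privileges": ["create_doc", "create_index"]}],
    },
    # Analyst or dashboard user: read only.
    "log_reader": {
        "indices": [{"names": ["logs-*"],
                     "privileges": ["read", "view_index_metadata"]}],
    },
    # Constructed counter-example: an over-privileged shipper role.
    "log_shipper_overbroad": {
        "cluster": ["all"],
        "indices": [{"names": ["*"], "privileges": ["all"]}],
    },
}

# Index privileges that allow changing or deleting records already stored.
TAMPER = {"all", "write", "index", "delete", "delete_index", "manage"}

def lint_writer_role(role):
    """Return findings for a role that is meant only to append log records."""
    findings = []
    if {"all", "manage_security"} & set(role.get("cluster", [])):
        findings.append("cluster: broad cluster privilege")
    for entry in role.get("indices", []):
        privs = set(entry["privileges"])
        if "*" in entry["names"]:
            findings.append("indices: role covers every index")
        for p in sorted(privs & TAMPER):
            findings.append(f"indices: '{p}' allows changing or deleting stored logs")
        if "read" in privs:
            findings.append("indices: shipper can read logs back")
    return findings

def put_role_request(base_url, name):
    """Build (method, url, body) for a role; sending it is left to the caller."""
    return "PUT", f"{base_url}/_security/role/{name}", json.dumps(ROLES[name])

if __name__ == "__main__":
    for name, role in ROLES.items():
        print(name, lint_writer_role(role) or "ok for a write-only shipper")
```

With `create_doc` the shipper can add records but cannot update or delete existing ones, so a compromised shipper credential cannot rewrite the log history.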