Elasticsearch is the backend application that is used for log monitoring. Elasticsearch is an
open source distributed search and analytics engine. Logstash and filebeat are used for collecting,
aggregating and enriching the data stored it in Elasticsearch. Since IBM CICS TX on Cloud supports
JSON format, the need for logstash as parser is not required. However, the developers and
administrators can still use the logstash as a buffer mechanism. IBM CICS TX on Cloud is not limited
only to the Elastic stack. It also supports EFK (Elastic, Fluentd and kibana) so the administrator
doesn’t have to stick to the ELK stack.
CICSTX allows the following possibilities of configuring Elasticsearch.
- Fluentd > Elasticsearch.
- File beat > Elasticsearch.
- File beat > log stash > Elasticsearch.
The administrator has the choice to use filebeat or fluentd as the sidecar container. He must
change the configmap-logging.yaml provided in the helm chart to use one of the above
configurations.
Note: By default, only the console.nnnnnn messages,
CSMT.out and symrecs are the only messages sent to Elasticsearch.
The console.nnnnnn messages, CSMT.out and symrecs
are in the JSON format others are in the plain text format. CICS uses sidecar method to stream the
logs to the backend logging pod.