I'm working on a medium size distributed web application (MVC, WebAPI, WCF, Queues, etc), and I'm in need of a good strategy for proper end to end tracing across multiple phisical layers.
At the moment our existing logging code is already using the EventSource from .NET 4.5 and there's already a service that dumps events to some place (console only at the moment). We will probably adopt your recently published writer to ElasticSearch as its
just what we need. Thanks!
Now the hard part for me is to correlate the massive stream of data we get out of this. I've been reading about the ActivityId/RelatedActivityId and the transfer process, and I'm just not sure if this is usable for this high level view.
Basically I want to track a web request since it first reaches the first web server down to the data layer, probably on a different machine. If I understand this correctly I would have to get the first activity id (easy) and then start an almost recursive process
following all the transfers.
If we use a tool like elasticsearch I'm almost sure this is not a feasible query, and if we use a traditional relational database it won't be easy either.
The alternative I see is to somehow do this work at ingestion time but then I'm seeing issues with out of order arrival of log messages.
Or should I just stick my own "CorrelationID" in every single message so then I can just query on that ID?
Any ideas would be really appreciated.