Tags: splunk, splunk-query

Splunk Logs for Faster Queries, with Category Boolean true


We are writing log statements in Java, and reviewing the info and exception alerts. The team is then conducting a Splunk search to count log statements by category.

Many of our log statements can share multiple categories. We are using this URL as a reference for key-value pairs: https://dev.splunk.com/enterprise/docs/developapps/addsupport/logging/loggingbestpractices/

This is sample log statement code.

LOG.info("CategoryA=true, CategoryG=true");

Of course, we aren't going to write "Category=false" in any logger, since it's inherent in the statement.

Is this overall a good method to count values in Splunk by category, or is there an optimal, more performance-based practice?


Solution

  • Before you decide how to put the data into Splunk, decide how you want to get it out. If, for example, you anticipate searching for categories that are off, you'll have difficulty. Splunk can't search for something that's not there, but can search for "CategoryB=false".
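The point the answer makes about absent fields is easy to see offline. The following is an added example, not code from the original question or answer: a small Python simulation of Splunk's automatic key=value field extraction, run over a handful of constructed log lines. Two lines follow the asker's style (only the true categories are written), two follow the answer's advice (every category is written explicitly). The category names and the log lines are assumptions made for the example; the SPL in the comments is the query each function stands in for.

```python
import re
from collections import Counter

# Assumed category names for the example (the post only names CategoryA, B and G).
CATEGORIES = ("CategoryA", "CategoryB", "CategoryG")

# Constructed sample log lines, not taken from the original post.
# Lines 1-2 only mention categories that are on (the asker's style).
# Lines 3-4 write every category, true or false (the answer's advice).
SAMPLE_LOGS = [
    "INFO  order placed   CategoryA=true, CategoryG=true",
    "INFO  login ok       CategoryA=true",
    "INFO  payment failed CategoryA=false, CategoryB=true, CategoryG=false",
    "INFO  cache miss     CategoryA=false, CategoryB=false, CategoryG=true",
]

# Approximation of Splunk's automatic key=value extraction: a word, an '=',
# then everything up to the next comma or whitespace.
KV_RE = re.compile(r"(\w+)=([^\s,]+)")


def extract_fields(line):
    """Return the key=value pairs Splunk would extract from one event."""
    return dict(KV_RE.findall(line))


def search(lines, field, value):
    """Stand-in for `index=app <field>=<value>`.

    Only events in which the field exists AND equals the value match, which is
    why a search for CategoryB=false cannot find events that never logged
    CategoryB at all.
    """
    return [l for l in lines if extract_fields(l).get(field) == value]


def events_missing_field(lines, field):
    """Stand-in for `index=app NOT <field>=*`: events where the field is absent."""
    return [l for l in lines if field not in extract_fields(l)]


def count_by_category(lines, categories):
    """Stand-in for
    `| stats count(eval(CategoryA="true")) AS CategoryA, count(eval(CategoryB="true")) AS CategoryB, ...`
    i.e. one count per category of the events in which it is on.
    """
    counts = Counter({c: 0 for c in categories})
    for l in lines:
        fields = extract_fields(l)
        for c in categories:
            if fields.get(c) == "true":
                counts[c] += 1
    return dict(counts)


def format_statement(flags, categories):
    """Build the message for LOG.info(...) with every category written out,
    so that both true and false are searchable later."""
    return ", ".join(f"{c}={str(bool(flags.get(c, False))).lower()}" for c in categories)


if __name__ == "__main__":
    print("CategoryB=false matches:", search(SAMPLE_LOGS, "CategoryB", "false"))
    print("events with no CategoryB:", events_missing_field(SAMPLE_LOGS, "CategoryB"))
    print("on-count per category:", count_by_category(SAMPLE_LOGS, CATEGORIES))
    print("explicit statement:", format_statement({"CategoryA": True, "CategoryG": True}, CATEGORIES))
```

Running it shows the trade-off: with the asker's style, a search for CategoryB=false finds only the one event that wrote it explicitly; the two events that were "off" but silent can only be reached with `NOT CategoryB=*`, which is both slower and ambiguous (absent could also mean "this code path predates CategoryB"). Writing every category, as `format_statement` does, costs a few bytes per event and makes false as cheap to search as true.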