I'm using graylog as central logging server and i'm using a gelf log4j2-appender to send the log messages to graylog. This works fine. Now i created a docker image of my application and i'm able to run my software as docker container.
Using docker i also log to stdout (console-appender) to get the application logs into docker (docker logs {containerId}).
Now i ask myself wether i could spare on the gelf log4j2-appender and use instead a docker log-driver/plugin for gelf. (see https://docs.docker.com/engine/admin/logging/overview/)
What's the best practice here? I think using the docker log plugin would send the whole string message to graylog and graylog would need to extract the meta information from that string (so i need to provide this meta data within the log message, for example the log_level). This may cause more resource consumption on graylog side and it's also not possible to configure docker for sending only error messages to graylog. This leads to more network traffic. Using the log4j2 gelf-appender i'm able to provide some meta data additional to the log message without including it in the main log message and there wouldn't be an extraction needed on graylog side. It's also possible to configure which messages should be sent to graylog by log_level. Or am i wrong? What is the best solution or what are the pros and cons of each way of sending logs to graylog?