This talk covers the basics of centralizing logs in Elasticsearch and the strategies that make it scale to billions of documents in production. Topics include:

- Time-based indices and index templates to efficiently slice your data
- Different node tiers to decouple reading from writing, and heavy traffic from low traffic
- Tuning various Elasticsearch and OS settings to maximize throughput and search performance
- Configuring tools such as Logstash and rsyslog to maximize throughput and minimize overhead