add documentation for logging to ELK using the ECS format

docs/src/main/asciidoc/centralized-log-management.adoc

@@ -253,6 +253,16 @@ input {
     coded => json
   }
 }
+
+filter {
+  if ![span][id] and [mdc][spanId] {
+    mutate { rename => { "[mdc][spanId]" => "[span][id]" } }
+  }
+  if ![trace][id] and [mdc][traceId] {
+    mutate { rename => {"[mdc][traceId]" => "[trace][id]"} }
+  }
+}
+
 output {
   stdout {}
   elasticsearch {
@@ -269,7 +279,7 @@ Then configure your application to log in json format instead of GELF
 </dependency>
 ----
 
-and specify the host and port of your Logstash endpoint.
+and specify the host and port of your Logstash endpoint. To be ECS compliant, some keys need to be renamed.
 
 [source, properties]
 ----
@@ -279,10 +289,27 @@ quarkus.log.console.json=false
 quarkus.log.socket.enable=true
 quarkus.log.socket.json=true
 quarkus.log.socket.endpoint=localhost:4560
+
 # to have the exception serialized into a single text element
 quarkus.log.socket.json.exception-output-type=formatted
-#add any additional fields you want
-quarkus.log.socket.json.additional-field."ServiceVersion".value=${quarkus.application.version}
+
+# override some keys to be ECS compliant
+quarkus.log.socket.json.key-overrides=timestamp=@timestamp,\
+	logger_name=log.logger,\
+	level=log.level,\
+	process_id=process.pid,\
+	process_name=process.name,\
+	thread_name=process.thread.name,\
+	thread_id=process.thread.id,\
+	sequence=event.sequence,\
+	host_name=host.hostname,\
+	stack_trace=error.stack_trace
+quarkus.log.socket.json.excluded-keys=loggerClassName
+quarkus.log.socket.json.additional-field."service.environment".value=${quarkus.profile}
+quarkus.log.socket.json.additional-field."service.name".value=${quarkus.application.name}
+quarkus.log.socket.json.additional-field."service.version".value=${quarkus.application.version}
+quarkus.log.socket.json.additional-field."data_stream.type".value=logs
+quarkus.log.socket.json.additional-field."ecs.version".value=1.12.2
 ----