Use-case recommendation

Best Format for SIEM-Friendly Operational Logs

JSON logs are generally best for SIEM ingestion and rule-based analytics.

Recommendation

Define the default first.

JSON

Structured JSON fields map cleanly into SIEM pipelines and detections.

application/json

SYSLOG

Use syslog where existing forwarders and collectors are syslog-native.
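The JSON and syslog recommendations above can be compared in code. The following added example (not from the page or any project it describes) parses the same constructed failed-login event once as a JSON line and once as a syslog line, then runs one field-based detection rule over both. The sample lines, field names, and the rule name `auth-failure-unexpected-source` are constructed for illustration; the point is that JSON yields named fields from a single generic parser, while syslog needs a per-application message regex before the same rule can run.

```python
import json
import re

# Constructed sample events (not from the page): the same event emitted
# once as a structured JSON line and once as a classic RFC 3164 syslog line.
JSON_LINE = ('{"ts":"2024-05-01T12:00:00Z","host":"web01","app":"sshd",'
             '"event":"auth_failure","user":"alice","src_ip":"203.0.113.7"}')
SYSLOG_LINE = ("<38>May  1 12:00:00 web01 sshd[1234]: "
               "Failed password for alice from 203.0.113.7 port 51022 ssh2")


def parse_json_event(line):
    """JSON: one generic parser yields every field by name, no per-app logic."""
    return json.loads(line)


# Syslog header is regular, but the fields a detection needs (user, source IP)
# sit in free text, so each application/message type needs its own regex.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d+)>(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[\w-]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
AUTH_FAIL_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src_ip>\S+)")


def parse_syslog_event(line):
    """Syslog: parse the header, then apply a message-specific regex."""
    header = SYSLOG_RE.match(line)
    if not header:
        return None
    event = header.groupdict()
    body = AUTH_FAIL_RE.search(event["msg"])
    if body:
        event["event"] = "auth_failure"
        event.update(body.groupdict())
    return event


def detect_auth_failure(event, allowed_sources=frozenset()):
    """A rule written over field names; it works on either parse result.

    Returns an alert dict, or None when the event does not match."""
    if event is None or event.get("event") != "auth_failure":
        return None
    if event.get("src_ip") in allowed_sources:
        return None
    return {
        "rule": "auth-failure-unexpected-source",  # hypothetical rule name
        "host": event.get("host"),
        "user": event.get("user"),
        "src_ip": event.get("src_ip"),
    }


if __name__ == "__main__":
    for line, parser in ((JSON_LINE, parse_json_event), (SYSLOG_LINE, parse_syslog_event)):
        print(detect_auth_failure(parser(line)))
```

The rule itself is identical for both inputs; the cost difference is entirely in the parsing step, which is why structured JSON is the better default when the SIEM will run field-based detections, and syslog is reserved for paths where the collectors are already syslog-native.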

Files: 5

TRACE

Use trace data to complement investigations that need timing detail, such as request latency and span ordering, rather than as a replacement for the primary log stream.

Files: 5

Related decisions

Keep adjacent decisions one step away.

FAQ

Resolve the likely objections early.

What is the default format recommendation for this use case?

JSON is the recommended default format here.

How should teams validate this recommendation?

Use sample files and manifest endpoints to test compatibility and behavior before rollout.