These days, after a dozen or so years of dealing with log aggregation and other systems, I just suggest to all our engineers to log a lot less and use (opentracing or opentelemetry) traces and trace events where they would normally use logs. With fields added where you'd otherwise add fields to your structured logs. It really encapsulates all these best practices and then some, for collecting, filtering, and navigating telemetry.<p>The main exception I can think of is legacy systems that can't really be retrofitted with tracing. In which case you're probably not in a position to implement logging best practices either. I suppose audit is another exception, where you want a longer-term record of what's happened, but even there I think traces get you the much better story of what happened across your environment and you just need a better archival storage solution for them.