Log Setup for Elasticsearch 2.3.3

Update the configuration file /etc/elasticsearch/logging.yml to customize the logging format and behavior for ES 2.3.3.

  1. The default log location already has the needed ownership. Choose a separate, dedicated partition of ample size, move the log directory there, and make the elasticsearch user the owner of that directory:

    chown -R elasticsearch:elasticsearch <path_to_log_directory>
  2. Best practice: turn off log4j's built-in rotation and use logrotate instead, which gives better archiving and compression.

    1. Edit the logging.yml to limit the amount of space consumed by Elasticsearch log files in the event of an extremely high rate of error logging.
      Locate the file: section and make these changes:

      Before

      file:
        type: dailyRollingFile
        file: ${path.logs}/${cluster.name}.log
        datePattern: "'.'yyyy-MM-dd"
        ...

      After

      file:
        type: rollingFile # change from dailyRollingFile
        maxBackupIndex: 0
        maxFileSize: 1000000000 # 1 GB
        file: ${path.logs}/${cluster.name}.log
        # datePattern: "'.'yyyy-MM-dd" # remove
        ...
    2. Repeat for the deprecation and slowlog log files, as appropriate:

      deprecation_log_file:
        type: rollingFile
        file: ${path.logs}/${cluster.name}_deprecation.log
        layout:
          type: pattern
          conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
        maxBackupIndex: 0
        maxFileSize: 1000000000 # (1GB)

      index_search_slow_log_file:
        type: rollingFile
        file: ${path.logs}/${cluster.name}_index_search_slowlog.log
        layout:
          type: pattern
          conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
        maxBackupIndex: 0
        maxFileSize: 1000000000 # (1GB)

      index_indexing_slow_log_file:
        type: rollingFile
        file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log
        layout:
          type: pattern
          conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
        maxBackupIndex: 0
        maxFileSize: 1000000000 # (1GB)
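
A logrotate stanza to pair with the rollingFile settings above, as an added example that is not part of the original page. The file name, the /var/log/elasticsearch path and the 14-day retention are assumptions; substitute the directory you assigned to the elasticsearch user.

```conf
# /etc/logrotate.d/elasticsearch  (file name is an assumption)
# Assumed log directory; replace with <path_to_log_directory>.
# The glob covers the main, deprecation and slowlog files.
/var/log/elasticsearch/*.log {
    # Rotate as the unprivileged owner of the directory, not as root,
    # so rotation never runs with more privilege than the service has.
    su elasticsearch elasticsearch

    daily
    # Assumed retention: keep 14 archives, then delete the oldest.
    rotate 14
    # Name archives <file>.log-YYYYMMDD so they sort by date.
    dateext

    compress
    # Leave the newest archive uncompressed for one cycle.
    delaycompress

    missingok
    notifempty

    # log4j keeps the file handle open, so copy the file and truncate it
    # in place instead of renaming it. Lines written between the copy and
    # the truncate can be lost.
    copytruncate
}
```

Run `logrotate -d /etc/logrotate.d/elasticsearch` for a dry run that reports what would be rotated without touching the files.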

© DataCore Software Corporation. · https://www.datacore.com · All rights reserved.