To Update the configuration file: /etc/elasticsearch/logging.yml to customize the logging format and behavior for ES 2.3.3, update its configuration file: /etc/elasticsearch/logging.yml
...
Logging has the needed ownership in the default location. Choose a separate, dedicated partition of ample size to move the log directory and make the
elasticsearchuser the owner of that directory:Code Block language bash chown -R elasticsearch:elasticsearch <path_to_log_directory>
Best practice - For Turn off the rotation of log4j and use logrotate for better archiving and compression than the built-in log4j, turn off the rotation of log4j and use logrotate.
Edit the
logging.ymlto limit the amount of space consumed by Elasticsearch log files in the event of an extremely high rate of error logging.
Locate thefile:section and make these changes:Before
Code Block language text titleBefore file: type: dailyRollingFile file: ${path.logs}/${cluster.name}.log datePattern: "'.'yyyy-MM-dd" ...After
Code Block language text title After file: type: rollingFile # change from dailyRollingFile maxBackupIndex: 0 maxFileSize: 1000000000 # 1 GB file: ${path.logs}/${cluster.name}.log # datePattern: "'.'yyyy-MM-dd" # remove ...Repeat for the deprecation and slowlog log files, as appropriate:
Code Block language bash deprecation_log_file: type: rollingFile file: ${path.logs}/${cluster.name}_deprecation.log layout: type: pattern conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" maxBackupIndex: 0 maxFileSize: 1000000000 # (1GB) index_search_slow_log_file: type: rollingFile file: ${path.logs}/${cluster.name}_index_search_slowlog.log layout: type: pattern conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" maxBackupIndex: 0 maxFileSize: 1000000000 # (1GB) index_indexing_slow_log_file: type: rollingFile file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log layout: type: pattern conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n" maxBackupIndex: 0 maxFileSize: 1000000000 # (1GB)