Elasticsearch Log Overview
Log Description
Default log paths:
- Run logs: /var/log/Bigdata/elasticsearch/${Rolename}
- Audit logs: /var/log/Bigdata/audit/elasticsearch/${Rolename}
- Access logs: /var/log/Bigdata/elasticsearch/${Rolename}
Log archive rules:
- By default, audit logs are stored each time their size reaches 50 MB. The size of compressed access logs cannot exceed 2 GB.
- By default, run logs are backed up each time their size reaches 50 MB. Run logs are archived every day. The size of compressed run logs cannot exceed 512 MB.
- The parameters for archiving audit logs and run logs can be configured on Manager.
- By default, access logs are stored each time their size reaches 50 MB. The size of compressed access logs cannot exceed 512 MB.
Log Type | Log File Name | Description |
---|---|---|
Run log | elasticsearch_cluster_deprecation.log | Elasticsearch deprecation logs |
Run log | elasticsearch_cluster_index_indexing_slowlog.log | Elasticsearch index slow logs |
Run log | elasticsearch_cluster_index_search_slowlog.log | Elasticsearch query slow logs |
Run log | elasticsearch_cluster.log | Elasticsearch cluster logs |
Run log | es-process-check.log | Elasticsearch health check logs |
Run log | es-service-check.log | Elasticsearch service check logs |
Run log | startup.log | Elasticsearch startup logs |
Run log | shutdown.log | Elasticsearch stop logs |
Run log | postinstall.log | Elasticsearch installation logs |
Run log | prestart.log | Elasticsearch startup preparation logs |
Run log | es-gc.log* | Elasticsearch garbage collection (GC) logs |
Run log | luvector.log | Elasticsearch vector retrieval logs |
Run log | <Rolename>-threadDump-<date>.log | Elasticsearch instance jstack logs |
Audit log | elasticsearch_cluster-audit.log | Logs for recording index-level operations, such as migrating shards and deleting indexes. |
Access log | elasticsearch_cluster-access.log | Logs of the access to Elasticsearch REST APIs |
The curl command uses a preemptive authentication mechanism: the system first sends a basic authentication request without the TGT, which fails, and then sends an authentication request with the TGT, which succeeds. As a result, each time the curl command is executed, the Elasticsearch audit log records a failure log followed by a success log.
Log Level
Table 2 describes the log levels provided by Elasticsearch. The priorities of log levels are OFF, ERROR, WARN, INFO, DEBUG, and TRACE in descending order. Logs whose levels are higher than or equal to the specified level are printed. The number of printed logs decreases as the specified log level increases.
Level | Description |
---|---|
OFF | Indicates that the log output is disabled. |
ERROR | Error information about the current event processing |
WARN | Exception information about the current event processing |
INFO | Normal running status information about the system and events |
DEBUG | System information and system debugging information |
TRACE | Information whose granularity is lower than that of DEBUG |
Modifying Log Parameters
To modify log archive and log level parameters, perform the following operations:
- Log in to Manager.
- Choose Cluster > Name of the desired cluster > Services > Elasticsearch > Configurations.
- Select All Configurations.
- On the menu bar on the left, select the log menu of the target role.
- Select the log archive and log level parameter to be modified.
- Click Save. In the displayed dialog box, click OK to make the configurations take effect.
The configurations take effect immediately without the need to restart the service.
Log Format
Type | Format | Example Value |
---|---|---|
Run log | `<yyyy-MM-dd HH:mm:ss,SSS>\|<Log level>\|<Name of the thread that generates the log>\|<Name of the class>\|<Message in the log>\|` | `[2019-05-17T19:05:43,085][DEBUG][elasticsearch[EsNode1@192.168.67.60][http_server_worker][T#3]][o.e.a.a.i.a.g.TransportGetAliasesAction] [EsNode1@192.168.67.60] no known master node, scheduling a retry` |
Audit log | `<yyyy-MM-dd HH:mm:ss,SSS>\|<Log level>\|<Name of the thread that generates the log>\|<Name of the class>\|<Message in the log>\|` | `[2019-05-17T11:28:11,524][WARN ][elasticsearch[EsNode1@192.168.67.60][http_server_worker][T#4]][c.h.e.s.a.AuditLogAppender] [EsNode1@192.168.67.60] RemoteAddr=192.168.67.78:47899 UserName=chengyang RequestURL=PUT /_bulk?pretty=true httpStatus=200 result={"index":{"_index":"ngram5","_type":"ngram5","_id":"Mf_Vw2oB66jHx6hPNj_r","status":403,"error":{"type":"cluster_block_exception","reason":"blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"}}}` |
Access log | `<yyyy-MM-dd HH:mm:ss,SSS>\|<Log level>\|<Name of the thread that generates the log>\|<Name of the class>\|<Message in the log>\|` | `[2020-09-25T16:38:13,570][INFO ][elasticsearch[EsNode1@192.168.67.78][http_server_worker][T#5]][c.h.e.s.a.AccessLog ][EsNode1@10.162.146.102]{2020-09-25 16:38:13, Sec-Mod, 'GET /_node/monitor/health', ip=/192.168.67.78:45346}` |
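The following parser for the audit log layout shown in the example above also filters out the curl failure-then-success pair described earlier on this page, so that only unanswered authentication failures remain for review. It is an added example, not part of the product documentation; it assumes a failed authentication is logged with `httpStatus=401` and an empty `UserName`, and only the first sample line comes from this page.

```python
import json
import re
from datetime import datetime, timedelta

# Layout follows the audit example on this page:
# [time][LEVEL][thread][class] [node] RemoteAddr= UserName= RequestURL= httpStatus= result=
AUDIT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[(?P<level>[A-Z]+)\s*\]\[(?P<thread>.*)\]\[(?P<cls>[\w.]+)\s*\]\s*"
    r"\[(?P<node>[^\]]+)\]\s*RemoteAddr=(?P<ip>[^:\s]+):(?P<port>\d+)\s+UserName=(?P<user>\S*)\s+"
    r"RequestURL=(?P<method>[A-Z]+) (?P<url>\S+)\s+httpStatus=(?P<status>\d{3})(?:\s+result=(?P<result>.*))?$"
)

def parse_audit(line):
    """Return a dict for one audit line, or None if it does not match the layout."""
    m = AUDIT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["time"] = datetime.strptime(ev.pop("ts"), "%Y-%m-%dT%H:%M:%S,%f")
    ev["status"] = int(ev["status"])
    return ev

def item_failures(ev):
    """Per-item statuses >= 400 inside result=, which httpStatus=200 can hide (see the _bulk example)."""
    try:
        body = json.loads(ev["result"] or "{}")
    except ValueError:
        return []
    items = body.values() if isinstance(body, dict) else []
    return [(i["status"], i.get("error", {}).get("type"))
            for i in items if isinstance(i, dict) and i.get("status", 0) >= 400]

def real_auth_failures(events, window=timedelta(seconds=2)):
    """Keep only failures not followed by a success from the same address within the window."""
    events = sorted(events, key=lambda e: e["time"])
    def answered(n, ev):
        return any(o["ip"] == ev["ip"] and o["status"] < 400 and o["time"] - ev["time"] <= window
                   for o in events[n + 1:])
    # Assumption: a failed authentication is logged with httpStatus=401.
    return [ev for n, ev in enumerate(events) if ev["status"] == 401 and not answered(n, ev)]

# Constructed sample: the first line is the page's example, the other three are made up.
HDR = "[{}][WARN ][elasticsearch[EsNode1@192.168.67.60][http_server_worker][T#4]][c.h.e.s.a.AuditLogAppender] [EsNode1@192.168.67.60] "
SAMPLE = [
    HDR.format("2019-05-17T11:28:11,524") + 'RemoteAddr=192.168.67.78:47899 UserName=chengyang RequestURL=PUT /_bulk?pretty=true httpStatus=200 result={"index":{"_index":"ngram5","_type":"ngram5","_id":"Mf_Vw2oB66jHx6hPNj_r","status":403,"error":{"type":"cluster_block_exception","reason":"blocked by: [FORBIDDEN/12/index read-only / allow delete (api)];"}}}',
    HDR.format("2019-05-17T11:30:02,100") + "RemoteAddr=192.168.67.78:47912 UserName= RequestURL=GET /_cat/indices httpStatus=401",
    HDR.format("2019-05-17T11:30:02,140") + "RemoteAddr=192.168.67.78:47912 UserName=chengyang RequestURL=GET /_cat/indices httpStatus=200",
    HDR.format("2019-05-17T11:31:40,000") + "RemoteAddr=192.168.67.99:50110 UserName= RequestURL=GET /_cat/indices httpStatus=401",
]
```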