CSS provides log query and log backup, enabling you to easily manage and analyze logs to efficiently locate faults, optimize performance, and enhance system security.
- Log query: On the log management page of the CSS management console, you can query the latest log records by node, so you can quickly locate or diagnose issues.
- Log backup: Cluster logs are periodically synchronized to OBS buckets. You can download them for in-depth analysis at any time. You can configure custom log backup policies by specifying backup schedules and storage locations. The system backs up all critical logs, including run logs and deprecation logs. They provide comprehensive data for auditing and troubleshooting purposes.
Impact on Billing
When log backup is enabled, the generated log backups are stored in OBS buckets, which will result in additional costs. For details, see Object Storage Service Billing.
Prerequisites
The OBS bucket used for storing log backups has been created. The OBS bucket must meet the following requirements:
- Storage Class: Standard.
- Region: the same as that of the cluster.
Querying Logs
- Log in to the CSS management console.
- In the navigation pane on the left, choose Clusters > Logstash.
- In the cluster list, click the name of the target cluster. The cluster information page is displayed.
- Choose Logs > Log Search. The Log Search page is displayed.
You can search log records by node or keyword. For a detailed description of each type of logs, see Log Types.
When a log file reaches 128 MB or when the time reaches 00:00 UTC, the system automatically compresses and archives it. Only unarchived logs appear on the log search page, while archived logs remain accessible through the log backup function.
Backing Up Logs
Cluster logs can be backed up to OBS buckets, where you can download them for in-depth analysis at any time.
- Log in to the CSS management console.
- In the navigation pane on the left, choose Clusters > Logstash.
- In the cluster list, click the name of the target cluster. The cluster information page is displayed.
- Choose Logs > Log Backup. The Log Backup page is displayed.
- Enable log backup.
Perform the following steps to enable log backup. If it is already enabled, skip this step.
- Click Enable Backup. In the displayed dialog box, configure necessary settings.
Table 1 Log backup settings
Parameter | Description |
|---|---|
OBS Bucket | Select an OBS bucket for storing log backups from the drop-down list box. If no OBS buckets meet your requirements, click Create Bucket to go to the OBS console and create one. For details, see Creating a Bucket. |
Backup Path | Set the log storage location in the OBS bucket. The backup path cannot:
- Contain the following characters: \:*?"<>|'{}
- Start with a slash (/).
- Start or end with a period (.).
- Contain more than two consecutive slashes (/) or periods (.).
- Exceed 512 characters.
|
IAM Agency | To back up data to an OBS bucket, you must have the write permission to it. By configuring an IAM agency, you can authorize CSS to access its OBS resources through an associated account.
- If you are configuring an agency for the first time, click Automatically Create IAM Agency to create css-obs-agency.
- If there is an IAM agency automatically created earlier, you can click One-click authorization to have the OBS Administrator permissions deleted automatically, and have the following custom policies added automatically instead to implement more refined permissions control.
"obs:bucket:GetBucketLocation",
"obs:object:GetObjectVersion",
"obs:object:GetObject",
"obs:object:DeleteObject",
"obs:bucket:HeadBucket",
"obs:bucket:GetBucketStoragePolicy",
"obs:object:DeleteObjectVersion",
"obs:bucket:ListBucketVersions",
"obs:bucket:ListBucket",
"obs:object:PutObject"
- When OBS buckets use SSE-KMS encryption, the IAM agency must be granted KMS permissions. You can click Automatically Create IAM Agency and One-click authorization to have the following custom policies created automatically.
"kms:cmk:create",
"kms:dek:create",
"kms:cmk:get",
"kms:dek:decrypt",
"kms:cmk:list"
- To use Automatically Create IAM Agency and One-click authorization, the following minimum permissions are required:
"iam:agencies:listAgencies",
"iam:roles:listRoles",
"iam:agencies:getAgency",
"iam:agencies:createAgency",
"iam:permissions:listRolesForAgency",
"iam:permissions:grantRoleToAgency",
"iam:permissions:listRolesForAgencyOnProject",
"iam:permissions:revokeRoleFromAgency",
"iam:roles:createRole"
- To use an IAM agency, the following minimum permissions are required:
"iam:agencies:listAgencies",
"iam:agencies:getAgency",
"iam:permissions:listRolesForAgencyOnProject",
"iam:permissions:listRolesForAgency"
WARNING: The agency name can contain only letters (case-sensitive), digits, underscores (_), and hyphens (-). Otherwise, the backup will fail. |
- Determine whether to enable Automatic backup based on service needs.
- To enable automatic, periodic log backup, select Automatic backup, and set the backup policy. For more information, see 6.
- If manual log backup is sufficient, deselect Automatic backup.
- Click OK to enable log backup.
The configuration information will be displayed on the Log Backup tab.
- Back up logs. Two options are available: automatic or manual.
Automatic log backup: Logs are backed up periodically based on the preset policy.
- On the Log Backup page, click Modify Settings on the right.
Figure 1 Modifying Settings
- In the Modify Settings dialog box, select Automatic backup, and configure the automatic backup policy.
Table 2 Automatic backup settings
Parameter | Description |
|---|---|
Time Zone | Select a time zone for the backup start time. |
Backup Start Time | Specify the start time of auto backup. Select a value from the drop-down list. The value range is from 00:00 to 23:00. The backup always happens on the hour. |
- Click OK to enable automatic log backup.
Automatic log backup tasks are displayed in the task list. When Task Status in the task list changes to Succeeded, the backup is successful.
If log backup fails, click Failed Tasks to learn the failure causes. A maximum of 10 failed tasks can be displayed. When log backup is disabled or the cluster is deleted, the failure records are also cleared.
- If automatic log backup is not required, click Modify Settings. In the displayed dialog box, deselect Automatic backup, and click OK. In the displayed confirmation dialog box, click OK.
Disabling log backup does not delete the log backups that were automatically generated earlier. You need to manually delete them on the OBS console.
Manual log backup: Back up logs right away.
- On the Log Backup page, click Back Up Manually under Log Backup Tasks.
Figure 2 Manually backing up logs
- In the displayed dialog box, confirm the log backup path and click OK.
The log backup task is displayed in the task list. When Task Status in the task list changes to Succeeded, the backup is successful.
If log backup fails, click Failed Tasks to learn the failure causes. A maximum of 10 failed tasks can be displayed. When log backup is disabled or the cluster is deleted, the failure records are also cleared.
- Check the backed-up log files.
Logs are backed up incrementally. After the backup is successful, you can access the target OBS bucket to obtain the full log files by clicking Log Path.
Figure 3 OBS bucket address
Table 3 lists the log types.
Table 3 Log types
Log Name | Description |
|---|---|
logstash-deprecation.log | Deprecation log file |
logstash-plain.log | Run log file |
- If the log backup function is no longer needed, you can disable it.
On the Log Backup page, click Disable Backup. In the displayed dialog box, click OK. Disabling log backup does not automatically delete existing log backups. Instead, you need to manually delete them on the OBS console.
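As an added example (not part of the original page and not CSS or IAM tooling), the following check compares an agency's policy document against the action lists in the IAM Agency row of Table 1 and reports wildcard, excess, and missing actions. The policy JSON layout (Version, Statement, Effect, Action), the function name, and both sample policies are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Action lists copied from the IAM Agency row of Table 1.
OBS_ACTIONS = {
    "obs:bucket:GetBucketLocation", "obs:object:GetObjectVersion",
    "obs:object:GetObject", "obs:object:DeleteObject",
    "obs:bucket:HeadBucket", "obs:bucket:GetBucketStoragePolicy",
    "obs:object:DeleteObjectVersion", "obs:bucket:ListBucketVersions",
    "obs:bucket:ListBucket", "obs:object:PutObject",
}
KMS_ACTIONS = {"kms:cmk:create", "kms:dek:create", "kms:cmk:get",
               "kms:dek:decrypt", "kms:cmk:list"}


def audit_agency_policy(policy, sse_kms=False):
    """Report how a policy's Allow actions differ from the page's lists.

    sse_kms=True also expects the KMS actions (bucket uses SSE-KMS).
    """
    expected = OBS_ACTIONS | (KMS_ACTIONS if sse_kms else set())
    granted = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        # "Action" may be a single string or a list of strings.
        granted.update([actions] if isinstance(actions, str) else actions)
    wildcards = {a for a in granted if "*" in a}
    return {
        "wildcards": sorted(wildcards),                   # broader than needed
        "excess": sorted(granted - expected - wildcards), # not on the page's list
        "missing": sorted(e for e in expected             # backup would lack these
                          if not any(fnmatchcase(e, g) for g in granted)),
    }


# Constructed sample policies (assumed layout, not exported from a real account).
BROAD = {"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": ["obs:*:*"]}]}
REFINED = {"Version": "1.1", "Statement": [
    {"Effect": "Allow", "Action": sorted(OBS_ACTIONS)}]}

if __name__ == "__main__":
    print(audit_agency_policy(BROAD))
    print(audit_agency_policy(REFINED, sse_kms=True))
```

A non-empty `wildcards` or `excess` list means the agency holds more than the refined policy requires; a non-empty `missing` list with `sse_kms=True` means the KMS grants have not been added.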
Log Types
Table 4 Introduction to different log types
Log Type | Description | Purpose |
|---|---|---|
Run logs | Run logs record a cluster's node and pipeline status, such as source-destination connectivity, pipeline creation or modification, and pipeline running errors. | Check run logs to troubleshoot pipeline errors. |
Deprecation logs | Deprecation logs record deprecation warnings. Deprecation warnings are written to this log when you use APIs, configurations, or functions that are marked for removal in future versions. You cannot check deprecation logs on the console. To check them, you need to back them up to an OBS bucket first. | Check for APIs or features that are about to expire in future versions. |
- Run log description
Run logs record a cluster's node and pipeline status. For example, the log record below indicates that the destination cluster could not be reached. You need to check whether the cluster address is correct and whether the cluster status is normal.
Figure 4 A sample of run logs
Log content:
- 1. Log generation time
- 2. Log level, which can be DEBUG, INFO, WARN, or ERROR
- 3. Log-generating module
- 4. Name of the log-generating node
- 5. Log content
- Deprecation log description
Deprecation logs record deprecation warnings.
Figure 5 A sample of deprecation logs
Log content:
- 1. Log generation time
- 2. Log level, which can only be DEPRECATION.
- 3. Log-generating module
- 4. Log content. The log record shown in the figure above indicates that the ECS compatibility mode was not explicitly declared for a plugin when Logstash was started.
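Log files downloaded from the OBS bucket can be triaged offline using the fields listed above. The added example below (not part of the original page) splits records into those fields and counts WARN and ERROR records per module; the bracketed line layout, the node and module names, and the sample lines are assumptions constructed for illustration, because the figures are not reproduced here.

```python
import re
from collections import Counter

# Assumed layout: bracketed fields in the order the page lists them
# (time, level, module, optional node name), followed by the content.
LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\]\[(?P<level>[A-Z]+)\s*\]\[(?P<module>[^\]]+)\]"
    r"(?:\[(?P<node>[^\]]+)\])?\s*(?P<content>.*)$"
)


def parse_records(text):
    """Yield one dict per record. Lines that do not start a new record
    (for example stack traces) are appended to the previous content."""
    current = None
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:
            if current is not None:
                yield current
            current = match.groupdict()
        elif current is not None:
            current["content"] += "\n" + line
    if current is not None:
        yield current


def triage(text, levels=("WARN", "ERROR")):
    """Count records per (level, module) for the given levels."""
    return Counter((r["level"], r["module"])
                   for r in parse_records(text) if r["level"] in levels)


# Constructed sample lines, not taken from a real cluster.
SAMPLE = """\
[2024-05-01T10:15:30,123][INFO ][logstash.pipeline][css-node-1] Pipeline started
[2024-05-01T10:15:31,456][WARN ][logstash.outputs.elasticsearch][css-node-1] Destination cluster unreachable
  caused by: connection refused
[2024-05-01T10:15:36,456][WARN ][logstash.outputs.elasticsearch][css-node-1] Destination cluster unreachable
[2024-05-01T10:16:00,001][DEPRECATION][logstash.codecs.plain] ECS compatibility mode not explicitly declared
"""

if __name__ == "__main__":
    for key, count in triage(SAMPLE).most_common():
        print(key, count)
```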