Elasticsearch Logging: Enabling and Configuring Log Levels

By Opster Team

Updated: Jun 22, 2023

Introduction

Elasticsearch, as well as OpenSearch, provides comprehensive logging capabilities to help you monitor and troubleshoot your cluster. In this article, we will discuss how to enable and configure logging in Elasticsearch, focusing on log levels, log formats, and log rotation. To learn how to activate and use Elasticsearch slow logs, check out this guide.

Configuring Log Levels

Elasticsearch uses Log4j2 for logging, which allows you to configure log levels for different components. The default log level is set to “INFO,” but you can change it to “DEBUG” or “TRACE” for more detailed logs. To configure log levels, you need to modify the `log4j2.properties` file located in the `config` directory of your Elasticsearch installation.

Here’s a step-by-step guide on how to configure log levels in Elasticsearch:

1. Open the `log4j2.properties` file in a text editor.

2. Locate the line that starts with `logger.action.level`. This line sets the log level for the action module. By default, it should look like this:

logger.action.level = info

3. Change the log level to “DEBUG” or “TRACE” as needed. For example, to set the log level to “DEBUG,” modify the line as follows:

logger.action.level = debug

4. Save the changes and restart Elasticsearch for the new log level to take effect.

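You can also configure log levels for other components by adding new lines to the `log4j2.properties` file. Each logger entry needs a `name` line that identifies the package it applies to, alongside its `level` line. For example, to set the log level for the discovery module to “DEBUG,” add the following lines:

logger.discovery.name = org.elasticsearch.discovery
logger.discovery.level = debug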

Configuring Log Formats

Elasticsearch logs are formatted as plain text by default, but you can configure them to use JSON format if needed. To change the log format, you need to modify the `log4j2.properties` file.

Here’s how to configure Elasticsearch logs to use JSON format:

1. Open the `log4j2.properties` file in a text editor.

2. Locate the line that starts with `appender.console.layout.type`. By default, it should look like this:

appender.console.layout.type = PatternLayout

3. Change the layout type to “JsonLayout.” Modify the line as follows:

appender.console.layout.type = JsonLayout

4. Save the changes and restart Elasticsearch for the new log format to take effect.

Configuring Log Rotation

Elasticsearch automatically rotates log files when they reach a certain size or age. By default, log files are rotated daily or when they reach 100 MB in size. You can configure log rotation settings in the `log4j2.properties` file.

Here’s how to configure log rotation in Elasticsearch:

1. Open the `log4j2.properties` file in a text editor.

2. Locate the line that starts with `appender.rolling.strategy.type`. By default, it should look like this:

appender.rolling.strategy.type = DefaultRolloverStrategy

3. Modify the `appender.rolling.strategy.max` parameter to set the maximum number of log files to keep. For example, to keep up to 30 log files, change the line as follows:

appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.max = 30

4. Locate the line that starts with `appender.rolling.policies.type`. By default, it should look like this:

appender.rolling.policies.type = Policies

5. Modify the `appender.rolling.policies.time.type` and `appender.rolling.policies.time.interval` parameters to set the log rotation interval. For example, to rotate logs every 12 hours, change the lines as follows:

appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 12

6. Save the changes and restart Elasticsearch for the new log rotation settings to take effect.
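A quick way to review an edited `log4j2.properties` before restarting, as an added example that is not Opster's or Elastic's code: it lists loggers left at DEBUG or TRACE, logger entries without a `name` line, and the effective rotation. Log4j2's `TimeBasedTriggeringPolicy` counts `interval` in the finest time unit of the `%d{...}` date pattern in `appender.rolling.filePattern`, so an interval of 12 means 12 hours only when that pattern includes an hour field. The function names `parse_properties` and `audit` and the sample file are constructed for illustration.

```python
import re

# Constructed sample of a log4j2.properties file (not taken from a real cluster).
SAMPLE = """\
logger.action.name = org.elasticsearch.action
logger.action.level = debug
logger.discovery.level = trace
appender.rolling.filePattern = ${sys:es.logs.base_path}/es-%d{yyyy-MM-dd}-%i.log.gz
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 12
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.max = 30
"""

# Date-pattern letters, finest unit first ('m' is minute, 'M' is month).
UNITS = [("s", "second"), ("m", "minute"), ("H", "hour"),
         ("d", "day"), ("M", "month"), ("y", "year")]

def parse_properties(text):
    """Parse key = value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Summarise verbose loggers, unnamed loggers and the effective rotation."""
    ids = {k.split(".")[1] for k in props if k.startswith("logger.")}
    verbose = sorted(i for i in ids
                     if props.get(f"logger.{i}.level", "").lower() in ("debug", "trace"))
    unnamed = sorted(i for i in ids if f"logger.{i}.name" not in props)
    match = re.search(r"%d\{([^}]*)\}", props.get("appender.rolling.filePattern", ""))
    unit = next((name for letter, name in UNITS
                 if match and letter in match.group(1)), None)
    interval = int(props.get("appender.rolling.policies.time.interval", "1"))
    max_files = props.get("appender.rolling.strategy.max")
    return {"verbose": verbose, "unnamed": unnamed,
            "rollover": (interval, unit),
            "max_files": int(max_files) if max_files else None}

if __name__ == "__main__":
    print(audit(parse_properties(SAMPLE)))
```

With the constructed sample, the daily date pattern makes the interval of 12 a 12-day rotation; adding an hour field to the pattern (for example `%d{yyyy-MM-dd-HH}`) makes it 12 hours.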

Conclusion

In conclusion, Elasticsearch provides flexible logging capabilities that allow you to monitor and troubleshoot your cluster effectively. By configuring log levels, log formats, and log rotation, you can tailor the logging system to your specific needs and ensure optimal performance and stability for your Elasticsearch deployment.
