There is an example given on Logging to rotate logs every 7 days instead of waiting for 2G of logs to accumulate. This example worked well for ELK 6.x, but as of upgrading to 7.x, it now produces the error:
Dec 16 16:42:53 netflow systemd-entrypoint[13214]: 2020-12-16 16:42:53,107 main ERROR Null object returned for IfLastModified in IfFileName.
To repeat:
# git diff elasticsearch/log4j2.properties
diff --git a/elasticsearch/log4j2.properties b/elasticsearch/log4j2.properties
index a6c39e7..69ee15b 100644
--- a/elasticsearch/log4j2.properties
+++ b/elasticsearch/log4j2.properties
@@ -25,8 +32,10 @@ appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
appender.rolling.strategy.action.condition.type = IfFileName
appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
-appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
-appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB
+#appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
+#appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB
+appender.rolling.strategy.action.condition.nested_condition.type = IfLastModified
+appender.rolling.strategy.action.condition.nested_condition.exceeds = 7D
################################################
######## Server - old style pattern ###########
appender.rolling_old.type = RollingFile
Is there an alternative?
Can the documentation be updated?