Can I blow out elasticsearch log directory "/var/log/elasticsearch" or is that a no no?

I would like to monitor elasticsearch logs using filebeat and I see in my "elasticsearch.yml" these are stored...
path.logs: /var/log/elasticsearch

There's a bunch of stuff in here and I would just like to delete everything to help save space on my EC2 I'm testing in. May I do this?

Secondly, I see that in this directory there are several extensions being...

  • json.gz
  • json
  • log.gz
  • log

Are the "gz" just compressed versions of old logs? I'm nervous about these json files in here. I don't want to delete them if they're needed.

It is possible to change the configuration of log4j2.properties file to auto-remove and/or auto-compress log files.

It is possible to reduce the amount of data kept to a maximum amount.

The gz logs are the compressed files which have been already rolled by size or time.

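As an added illustration of the reply above (not code posted in the thread), these are the rollover keys in log4j2.properties that compress rolled files and cap how much is kept. It assumes the appender is named `rolling` and that the existing `filePattern` ends in `.gz`, as in the file shipped with Elasticsearch; the 128MB and 2GB limits are example values, and the appender's type, name, fileName and layout lines stay as they are.

```properties
# Compression comes from the existing filePattern line: because the pattern
# ends in .gz, Log4j gzips each file as it is rolled. The active file named
# by fileName stays uncompressed while Elasticsearch writes to it.

# Roll over once a day, or earlier if the active file reaches 128MB.
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 128MB

# On every rollover, delete the oldest rolled files once the matching files
# under path.logs add up to more than 2GB.
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.fileIndex = nomax
appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
# Only files named "<cluster_name>-..." are candidates for deletion. With the
# default naming, rolled files carry that dash and date suffix, while active
# files ("<cluster_name>.log", "<cluster_name>_server.json") do not match.
appender.rolling.strategy.action.condition.type = IfFileName
appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB
```

If Filebeat ships these logs, size the cap so rolled files are not deleted before they have been read.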
