I think I must be doing something wrong. I'm trying to log every query
to the system just so I can see what my software is sending over the
wire.

In elasticsearch.yml I have:

path.logs: /home/colin/src/elasticsearch/log

Shard level query and fetch threshold logging.

index.search.slowlog.level: INFO
index.search.slowlog.threshold.query.info: 0ms

index.search.slowlog.threshold.fetch.info: 0ms

The path /home/colin/src/elasticsearch/log exists and is writable by
the user running elasticsearch. If I run elasticsearch, send some
queries, and then ls the directory, there are no files there. I would
expect a timestamped file, since my logging.yml looks like:

index_search_slow_log_file:
type: dailyRollingFile
file: ${path.logs}/${cluster.name}_index_search_slowlog.log
datePattern: "'.'yyyy-MM-dd"
layout:
type: pattern
conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

Any pointers? I looked at http://www.elasticsearch.org/guide/reference/index-modules/slowlog.html
and it didn't shed light. Are these settings just templates that are
burned into the index at index creation time?

Everything looks correct. I have a couple of questions though. Which
version of elasticsearch are you using? Are you sure that your log file
directory is called "log" not "logs"?

On Monday, June 4, 2012 4:34:50 PM UTC-4, Colin Dellow wrote:

I think I must be doing something wrong. I'm trying to log every query
to the system just so I can see what my software is sending over the
wire.

In elasticsearch.yml I have:

path.logs: /home/colin/src/elasticsearch/log

Shard level query and fetch threshold logging.

index.search.slowlog.level: INFO
index.search.slowlog.threshold.query.info: 0ms

index.search.slowlog.threshold.fetch.info: 0ms

The path /home/colin/src/elasticsearch/log exists and is writable by
the user running elasticsearch. If I run elasticsearch, send some
queries, and then ls the directory, there are no files there. I would
expect a timestamped file, since my logging.yml looks like:

index_search_slow_log_file:
type: dailyRollingFile
file: ${path.logs}/${cluster.name}_index_search_slowlog.log
datePattern: "'.'yyyy-MM-dd"
layout:
type: pattern
conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

Any pointers? I looked at
Elasticsearch Platform — Find real-time answers at scale | Elastic
and it didn't shed light. Are these settings just templates that are
burned into the index at index creation time?

Thanks for confirming I'm on the right path, Igor! I'm using 0.19.3
and I'm confident the log directory is called that:

colin@colin-pc1:~/src/tng$ ls -l /home/colin/src/elasticsearch/log
total 0

I'll try grabbing 0.19.4 and a completely clean config and see if I
get the same behaviour.

On Jun 5, 11:21 am, Igor Motov imo...@gmail.com wrote:

Everything looks correct. I have a couple of questions though. Which
version of elasticsearch are you using? Are you sure that your log file
directory is called "log" not "logs"?

On Monday, June 4, 2012 4:34:50 PM UTC-4, Colin Dellow wrote:

I think I must be doing something wrong. I'm trying to log every query
to the system just so I can see what my software is sending over the
wire.

In elasticsearch.yml I have:

path.logs: /home/colin/src/elasticsearch/log

Shard level query and fetch threshold logging.

index.search.slowlog.level: INFO
index.search.slowlog.threshold.query.info: 0ms

index.search.slowlog.threshold.fetch.info: 0ms

The path /home/colin/src/elasticsearch/log exists and is writable by
the user running elasticsearch. If I run elasticsearch, send some
queries, and then ls the directory, there are no files there. I would
expect a timestamped file, since my logging.yml looks like:

index_search_slow_log_file:
type: dailyRollingFile
file: ${path.logs}/${cluster.name}_index_search_slowlog.log
datePattern: "'.'yyyy-MM-dd"
layout:
type: pattern
conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

Any pointers? I looked at
Elasticsearch Platform — Find real-time answers at scale | Elastic
and it didn't shed light. Are these settings just templates that are
burned into the index at index creation time?

I just tried 0.19.3 with your configuration changes and everything worked.
I think it's something that's not mentioned in your email. Could you try
starting elasticsearch from command line with -f flag and see if it prints
anything before it starts?

On Tuesday, June 5, 2012 11:36:48 AM UTC-4, Colin Dellow wrote:

Thanks for confirming I'm on the right path, Igor! I'm using 0.19.3
and I'm confident the log directory is called that:

colin@colin-pc1:~/src/tng$ ls -l /home/colin/src/elasticsearch/log
total 0

I'll try grabbing 0.19.4 and a completely clean config and see if I
get the same behaviour.

On Jun 5, 11:21 am, Igor Motov imo...@gmail.com wrote:

Everything looks correct. I have a couple of questions though. Which
version of elasticsearch are you using? Are you sure that your log file
directory is called "log" not "logs"?

On Monday, June 4, 2012 4:34:50 PM UTC-4, Colin Dellow wrote:

I think I must be doing something wrong. I'm trying to log every query
to the system just so I can see what my software is sending over the
wire.

In elasticsearch.yml I have:

path.logs: /home/colin/src/elasticsearch/log

Shard level query and fetch threshold logging.

index.search.slowlog.level: INFO
index.search.slowlog.threshold.query.info: 0ms

index.search.slowlog.threshold.fetch.info: 0ms

The path /home/colin/src/elasticsearch/log exists and is writable by
the user running elasticsearch. If I run elasticsearch, send some
queries, and then ls the directory, there are no files there. I would
expect a timestamped file, since my logging.yml looks like:

index_search_slow_log_file:
type: dailyRollingFile
file: ${path.logs}/${cluster.name}_index_search_slowlog.log
datePattern: "'.'yyyy-MM-dd"
layout:
type: pattern
conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

Any pointers? I looked at
Elasticsearch Platform — Find real-time answers at scale | Elastic
and it didn't shed light. Are these settings just templates that are
burned into the index at index creation time?

/facepalm. Problem existed between keyboard and computer. Telling me
to run with -f pointed out that I was, ahem, restarting the wrong
elasticsearch instance.

Argh. Sorry for wasting your time, Igor, but thanks for helping me
debug by confession!

On Jun 5, 11:39 am, Igor Motov imo...@gmail.com wrote:

I just tried 0.19.3 with your configuration changes and everything worked.
I think it's something that's not mentioned in your email. Could you try
starting elasticsearch from command line with -f flag and see if it prints
anything before it starts?

On Tuesday, June 5, 2012 11:36:48 AM UTC-4, Colin Dellow wrote:

Thanks for confirming I'm on the right path, Igor! I'm using 0.19.3
and I'm confident the log directory is called that:

colin@colin-pc1:~/src/tng$ ls -l /home/colin/src/elasticsearch/log
total 0

I'll try grabbing 0.19.4 and a completely clean config and see if I
get the same behaviour.

On Jun 5, 11:21 am, Igor Motov imo...@gmail.com wrote:

Everything looks correct. I have a couple of questions though. Which
version of elasticsearch are you using? Are you sure that your log file
directory is called "log" not "logs"?

On Monday, June 4, 2012 4:34:50 PM UTC-4, Colin Dellow wrote:

I think I must be doing something wrong. I'm trying to log every query
to the system just so I can see what my software is sending over the
wire.

In elasticsearch.yml I have:

path.logs: /home/colin/src/elasticsearch/log

Shard level query and fetch threshold logging.

index.search.slowlog.level: INFO
index.search.slowlog.threshold.query.info: 0ms

index.search.slowlog.threshold.fetch.info: 0ms

The path /home/colin/src/elasticsearch/log exists and is writable by
the user running elasticsearch. If I run elasticsearch, send some
queries, and then ls the directory, there are no files there. I would
expect a timestamped file, since my logging.yml looks like:

index_search_slow_log_file:
type: dailyRollingFile
file: ${path.logs}/${cluster.name}_index_search_slowlog.log
datePattern: "'.'yyyy-MM-dd"
layout:
type: pattern
conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

Any pointers? I looked at
Elasticsearch Platform — Find real-time answers at scale | Elastic
and it didn't shed light. Are these settings just templates that are
burned into the index at index creation time?