Hi guys,
Is there any way to reduce the Elasticsearch and logstash app logs count to 7 days using log4j.properties? Currently as I can observe, the log rotation in /var/log/elasticsearch and /var/log/logstash has no limit and goes on rolling over. I want only previous 7 backed-up log files on system.
Any help is appreciated. Thank you.
with elasticsearch, please read the following
If you want to retain log files for a specified period of time, you can use a rollover strategy with a delete action.
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
appender.rolling.strategy.action.condition.type = IfFileName
appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
appender.rolling.strategy.action.condition.nested_condition.type = IfLastModified
appender.rolling.strategy.action.condition.nested_condition.age = 7D
- Configure the DefaultRolloverStrategy
- Configure the Delete action for handling rollovers
- The base path to the Elasticsearch logs
- The condition to apply when handling rollovers
- Delete files from the base path matching the glob ${sys:es.logs.cluster_name}-*; this is the glob that log files are rolled to; this is needed to only delete the rolled Elasticsearch logs but not also delete the deprecation and slow logs
- A nested condition to apply to files matching the glob
- Retain logs for seven days
Cheers!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.