How to collect elasticsearch logs in docker

Petr.Simik · November 12, 2019, 6:43am

I need to access elasticsearch logs of elasticsearch cluster running within docker containers.
Volumes: - /mnt/ssd1/eslog1:/var/log/elasticsearch
is not the option , all logs are by default send to stdout and accessible only via

docker logs es-node21

How I can access the logs,
I am thinking of filebeat elasticsearch module to collect the logs into elasticsearch.

This is my docker-compose.yml

version: '3.3'
services:
es-node21:
image: docker.elastic.co/elasticsearch/elasticsearch:7.4.2
container_name: es-node21
restart: always
environment:
- node.name=es-node21
- "discovery.zen.ping.unicast.hosts=node3.corp,node2.corp"
- http.cors.enabled=true
- http.cors.allow-origin=*
- cluster.name=cem-docker-cluster
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms24g -Xmx24g"
ulimits:
memlock:
soft: -1
hard: -1
volumes:
- /mnt/ssd1/esdata1:/usr/share/elasticsearch/data
- /mnt/ssd1/eslog1:/var/log/elasticsearch --- this logging does not work need to be done another way!!
ports:
- 9200:9200
- 9300:9300
deploy:
resources:
limits:
cpus: '12'
network_mode: host

MiTschMR · November 12, 2019, 7:15am

Hi @Petr.Simik

To get Elasticsearch write the logs to file you either need to do some hacky stuff with docker and the command parameters or modify the log4j2.properties file. I advise you to check out the following site:
https://www.elastic.co/guide/en/elasticsearch/reference/current/logging.html

You need to map the new log4j2.properties to the containers and also need a folder mapped into the directory you want to save the logs.

Hope this leads you on the right way.

Petr.Simik · November 29, 2019, 8:50am

@MiTschMR thank you this definitely leads to the solution, I had not time to test it , but I belive this is the solution. Thank u

system · December 27, 2019, 8:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.