I would like to know how to limit the amount of space elasticsearch logs can take up on my Graylog server. Twice now an overload of elasticsearch logs has used up all the space and caused Graylog to stop working. I fixed the underlying cause of the massive log buildup but I would like to now prevent that from happening again by limiting the amount of days of elasticsearch logs.
I placed the below in my /etc/elasticsearch/log4j2.properties file.
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basepath = {sys:es.logs.base_path} appender.rolling.strategy.action.condition.type = IfFileName appender.rolling.strategy.action.condition.glob = {sys:es.logs.cluster_name}-*
appender.rolling.strategy.action.condition.nested_condition.type = IfLastModified
appender.rolling.strategy.action.condition.nested_condition.age = 14D
But when I restarted the elasticsearch service it gave me an error:
Oct 27 11:59:51 xxxx-graylog elasticsearch[5391]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:307)
Oct 27 11:59:51 xxxx-graylog elasticsearch[5391]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:132)
Oct 27 11:59:51 xxxx-graylog elasticsearch[5391]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:123)
Oct 27 11:59:51 xxxx-graylog elasticsearch[5391]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:70)
Oct 27 11:59:51 xxxx-graylog elasticsearch[5391]: at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:134)
Oct 27 11:59:51 xxxx-graylog elasticsearch[5391]: at org.elasticsearch.cli.Command.main(Command.java:90)
Oct 27 11:59:51 xxxx-graylog elasticsearch[5391]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91)
Oct 27 11:59:51 xxxx-graylog elasticsearch[5391]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84)
Oct 27 11:59:51 xxxx-graylog elasticsearch[5391]: 2019-10-27 11:59:51,670 main ERROR Null object returned for RollingFile in Appenders.
Oct 27 11:59:51 xxxx-graylog elasticsearch[5391]: 2019-10-27 11:59:51,677 main ERROR Unable to locate appender “rolling” for logger config “root”
I am running elasticsearch version 5.6.16. Any ideas?