Log File Retention Settings

Elastic Stack Elasticsearch
1

Our Elasticsearch cluster seems to be generating new log files every day and retaining them indefinitely.

I found this post explaining that to fix this I should be adding maxBackupIndex to my logging.yml files. https://xenforo.com/community/threads/elasticsearch-logfile-handling.42268/

I have made this change and restarted the service but the file count hasn't changed.

This post also discusses this issue. One person mentions their version doesn't support the feature and another person mentions the use of logrotate. Deleting old ES logs /var/log/elasticsearch

I have two questions:

  1. Which version of Elasticsearch supports the use of maxBackupIndex? (I am currently running v1.3.2)
  2. What is logrotate and is there any information on using that?

I am trying to avoid writing a custom script to delete the files and scheduling it, but I can if necessary.

Thank you

2

What logging.yml configuration did you try? I would expect maxBackupIndex to work in ES 1.3.2.

  1. What is logrotate and is there any information on using that?

logrotate is a program that rotates logs. I'd be very surprised if you didn't already have it installed. See the man page and the configuration files you already have (probably in /etc/logrotate.d).

3

@magnusbaeck this is the snippet from my logging.yml

appender:
  console:
    type: console
    layout:
      type: consolePattern
      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

  file:
    type: dailyRollingFile
    file: ${path.logs}/${cluster.name}.log
    datePattern: "'.'yyyy-MM-dd"
    maxBackupIndex: 30
    layout:
      type: pattern
      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

You can see I've added maxBackupIndex: 30

I've only added it under file with type of dailyRollingFile. I confirmed today that it is still creating new files (all of the counts on my servers have increased by 1 since yesterday) even with this setting enabled.

Is there any way to confirm which version of ES the maxBackupIndex feature was implemented in?

4

I think I found the answer.

This stack post http://stackoverflow.com/questions/22865522/log4cplus-dailyrollingfileappender-config-maxbackupindex-not-working explains that the maxBackupIndex parameter is only for the current logging period. The default ES settings appear to log one file of unlimited size per logging period. So maxBackupIndex would never take effect.

I believe this setting can be used in conjunction with the maxFileSize parameter to limit how many files get created per logging period. So if I had maxFileSize set to something like 100 MB and maxBackupIndex set to 5, then ES (log4j) would only keep 500 MB of data for that current logging period (day).

This other stack post seems to correlate with my assumption http://stackoverflow.com/questions/3683364/how-to-configure-log4j-to-only-keep-log-files-for-the-last-seven-days

Looks like I'm going to have to script it out.