Hello all
I am running my ELK stack on Docker, so whenever my Logstash loses connection with Elasticsearch, where is the data which is getting parsed stored?
According to my observation it is piling up in the Logstash containers, so is there a particular directory inside the container in which it is supposed to pile up? If yes, will mounting the directory as a volume outside the container help?
Regards
Gaurav Agarwal
According to my observation it is piling up the logstash containers, so is there a particular directory inside the container which it is supposed to pile up
The data directory. See Logstash Directory Layout | Logstash Reference [8.11] | Elastic.
if yes then will mounting the directory as a volume outside the container will it help?
Yes.
Is it the data directory which should be mounted outside, since I'm not very sure where the storage piling up is happening?
Is it the data directory which should be mounted outside
I already answered that question.
since I'm not very sure where the storage piling up is happening?
But that's easy to check, isn't it?
It says the data directory is not writable.
[2018-05-28T09:35:49,874][FATAL][logstash.runner ] An unexpected error occurred! {:error=>#<ArgumentError: Path "/usr/share/logstash/data" must be a writable directory. It is not writable.>,
And this happens when mounting a directory from the host...?
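A pre-flight check for the "must be a writable directory" error above, as an added example that is not part of the original thread: it tests whether a host directory intended for the `/usr/share/logstash/data` mount is writable by the container's user. The `can_write` helper is hypothetical, and the default uid/gid of 1000 is an assumption about the image in use.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the Logstash process in the
# container runs as uid 1000 / gid 1000; pass other ids if your image differs.
# Judges only owner/group/other mode bits (no ACLs, no supplementary groups).

# can_write DIR UID GID
# Returns 0 if that uid/gid could create files in DIR, 1 if not,
# 2 if DIR is not a directory.
can_write() {
    cw_dir=$1; cw_uid=$2; cw_gid=$3
    [ -d "$cw_dir" ] || return 2
    [ "$cw_uid" = 0 ] && return 0          # root bypasses mode bits
    # ls -ldn prints: mode links owner-uid owner-gid size date name
    cw_info=$(ls -ldn -- "$cw_dir" | awk '{print $1, $3, $4}')
    cw_mode=${cw_info%% *}
    cw_rest=${cw_info#* }
    cw_owner=${cw_rest% *}
    cw_group=${cw_rest#* }
    # Pick the permission triplet that applies to this uid/gid.
    if [ "$cw_uid" = "$cw_owner" ]; then
        cw_bits=$(printf '%s' "$cw_mode" | cut -c2-4)
    elif [ "$cw_gid" = "$cw_group" ]; then
        cw_bits=$(printf '%s' "$cw_mode" | cut -c5-7)
    else
        cw_bits=$(printf '%s' "$cw_mode" | cut -c8-10)
    fi
    # Creating files needs write (w) plus search (x, or s/t which imply x).
    case $cw_bits in
        ?w[xst]) return 0 ;;
        *)       return 1 ;;
    esac
}

# Usage: sh check_data_dir.sh /path/on/host [uid] [gid]
if [ "$#" -ge 1 ]; then
    uid=${2:-1000}; gid=${3:-1000}
    if can_write "$1" "$uid" "$gid"; then
        echo "OK: $1 is writable by $uid:$gid"
    else
        echo "NOT writable by $uid:$gid: $1"
        # Least-privilege fix: give the directory to that user rather than
        # opening it to everyone with chmod 777.
        echo "Consider: chown -R $uid:$gid $1"
    fi
fi
```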