we are running logstash and its output has file
and elasticsearch
for every opening and closing the file
plugin is logging in... resulting the nohup.out file being very huge...
How do i avoid so much of logging, or is there a way better way to handle this?
Badger
June 21, 2021, 4:29pm
2
You could change the logging level for the loggers involved (the logger name is show in the log message). For example, to increase the volume of log messages from a file output I use
curl -XPUT 'localhost:9600/_node/logging?pretty' -H 'Content-Type: application/json' -d'
{
"logger.filewatch.discoverer" : "TRACE",
"logger.filewatch.observingtail" : "TRACE",
"logger.filewatch.sincedbcollection" : "TRACE",
"logger.filewatch.tailmode.handlers.createinitial" : "TRACE",
"logger.filewatch.tailmode.handlers.grow" : "TRACE",
"logger.filewatch.tailmode.processor" : "TRACE"
}
'
You could change the default (INFO) level to WARN in a similar way.
1 Like
Thanks. Any possibility i can set this at the properties, instead of a curl? as our logstash gets run every now and then and by different people. So aligning this everytime the logstash starts may be difficult.
Badger
June 23, 2021, 4:44pm
4
Yes, you should be able to modify the log4j2.properties file to set these.
I tried adding
logger.logstash.file.outputs = WARN
and
"logger.filewatch.discoverer" : "TRACE",
"logger.filewatch.observingtail" : "TRACE",
"logger.filewatch.sincedbcollection" : "TRACE",
"logger.filewatch.tailmode.handlers.createinitial" : "TRACE",
"logger.filewatch.tailmode.handlers.grow" : "TRACE",
"logger.filewatch.tailmode.processor" : "TRACE"
But both giving me error by either saying logstash file output is not valid or filewatch module not found.
Badger
June 28, 2021, 5:03pm
6
To modify the level for all of the filewatch classes you could use
logger.filewatch.name = filewatch
logger.filewatch.level = WARN
If you wanted to modify some sub-classes but not others you could use something like
logger.logstash1.name = logstash.runner
logger.logstash1.level = WARN
logger.logstash2.name = logstash.pipeline
logger.logstash2.level = WARN
which does not modify logstash.javapipeline, logstash.setting, etc.
Badger:
logger
Thanks for the reponse.
Even after trying both I am still seeing those logs
Sample Log (the one i need to get rid of)
[2021-07-01T19:28:45,203][INFO ][logstash.outputs.file ][main][4e6acc3dcf51fc251f2e81c7fe7f576133e96a5af8f803fa5d198ccbec9f5a00] Opening file {:path=>"/Users/Smit/Downloads/trash/log.txt"}
Properties I tried:
logger.filewatch.name = filewatch
logger.filewatch.level = WARN
another
logger.logstash1.name = logstash.outputs.file
logger.logstash1.level = WARN
Sample Logstash Conf:
input {
stdin{}
}
output {
file {
path => "/Users/Smit/Downloads/trash/log.txt"
codec => line { format => "custom format: %{message}"}
}
}
I do not know what to say. When I add
logger.logstash1.name = logstash.outputs.file
logger.logstash1.level = WARN
to /etc/logstash/log4j2.properties and restart logstash the message
[INFO ][logstash.outputs.file ][main][98cb9fbcc7c0b63c6dfb54eee928e0944a186fb8cd23c2f926042405b89ccd1f] Opening file {:path=>"/tmp/foo.txt"}
is not printed.
Thanks.
The problem is I was updating the log4j in the config folder but i was not setting that in the --path.settings. After doing that, it worked.
--path.settings=/Users/Smit/Documents/Dev/ELK/logstash-7.10.0/config/
or
export LS_SETTINGS_DIR=/Users/Smit/Documents/Dev/ELK/logstash-7.10.0/config/
system
(system)
Closed
July 30, 2021, 4:50am
10
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.