The goal is to have elasticsearch logs in json format so that logstash is able to pick it up and index it in another elasticsearch cluster dedicated to logging.
-
First the file jsonevent-layout-1.7.jar was copied to the /elasticsearch-home/lib directory
-
The log4j2.properties file was configured as follows:
logger.action.name = org.elasticsearch.action
logger.action.level = debugappender.console.type = Console
appender.console.name = console
appender.console.layout.type = net.logstash.log4j.JSONEventLayoutV1appender.rolling.type = RollingFile
appender.rolling.name = rolling
appender.rolling.fileName = ${sys:es.logs}.log
appender.rolling.layout.type = net.logstash.log4j.JSONEventLayoutV1
appender.rolling.filePattern = ${sys:es.logs}-%d{yyyy-MM-dd}.log
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = truerootLogger.level = info
rootLogger.appenderRef.console.ref = console
rootLogger.appenderRef.rolling.ref = rolling
However, when I run bin/elasticsearch, I get these messages
2016-11-23 10:37:44,768 main ERROR Unable to locate plugin type for net.logstash.log4j.JSONEventLayoutV1
2016-11-23 10:37:44,770 main ERROR Unable to locate plugin type for net.logstash.log4j.JSONEventLayoutV1
2016-11-23 10:37:44,770 main ERROR Unable to locate plugin type for net.logstash.log4j.JSONEventLayoutV1
2016-11-23 10:37:44,770 main ERROR Unable to locate plugin type for net.logstash.log4j.JSONEventLayoutV1
2016-11-23 10:37:44,771 main ERROR Unable to locate plugin type for net.logstash.log4j.JSONEventLayoutV1
2016-11-23 10:37:44,791 main ERROR Unable to locate plugin for net.logstash.log4j.JSONEventLayoutV1
2016-11-23 10:37:44,794 main ERROR Unable to invoke factory method in class class org.apache.logging.log4j.core.appender.RollingFileAppender for element RollingFile. java.lang.NullPointerException
at org.apache.logging.log4j.core.config.plugins.visitors.PluginElementVisitor.findNamedNode(PluginElementVisitor.java:100)
at org.apache.logging.log4j.core.config.plugins.visitors.PluginElementVisitor.visit(PluginElementVisitor.java:87)
at org.apache.logging.log4j.core.config.plugins.util.PluginBuilder.generateParameters(PluginBuilder.java:243)
at org.apache.logging.log4j.core.config.plugins.util.PluginBuilder.build(PluginBuilder.java:131)
at org.apache.logging.log4j.core.config.AbstractConfiguration.createPluginObject(AbstractConfiguration.java:918)
at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:858)
at org.apache.logging.log4j.core.config.AbstractConfiguration.createConfiguration(AbstractConfiguration.java:850)
at org.apache.logging.log4j.core.config.AbstractConfiguration.doConfigure(AbstractConfiguration.java:479)
at org.apache.logging.log4j.core.config.AbstractConfiguration.initialize(AbstractConfiguration.java:219)
at org.apache.logging.log4j.core.config.AbstractConfiguration.start(AbstractConfiguration.java:231)
at org.apache.logging.log4j.core.LoggerContext.setConfiguration(LoggerContext.java:496)
at org.apache.logging.log4j.core.LoggerContext.start(LoggerContext.java:249)
at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:116)
at org.elasticsearch.common.logging.LogConfigurator.configure(LogConfigurator.java:83)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:249)
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:112)
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:103)
at org.elasticsearch.cli.SettingCommand.execute(SettingCommand.java:54)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:96)
at org.elasticsearch.cli.Command.main(Command.java:62)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:80)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:73)
Looks like when starting, elasticsearch is not able to read the jsonevent-layout-1.7.jar file in the lib folder. Do i have to make any more changes? Where could I be going wrong?