Page MenuHomePhabricator
Create Task
Maniphest T158664

elasticsearch logs are duplicated in journald
Closed, ResolvedPublic
Actions

Description

On Jessie, elasticsearch is started by systemd, which captures console output and sends it to journald. This means that logs are duplicated between /var/log/elasticsearch and syslog / deamon.log.

The log4j configuration should be adapted to log only startup messages or critical messages to console and keep the rest only in the standard elasticsearch logs.

Details

SubjectRepoBranchLines +/-
elasticsearch: don't send logs to the consoleoperations/puppetproduction+1 -13
Customize query in gerrit

Event Timeline

Gehel created this task.Feb 21 2017, 4:29 PM
Restricted Application added a project: Discovery-Search. · View Herald TranscriptFeb 21 2017, 4:29 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Gehel triaged this task as High priority.Feb 21 2017, 4:29 PM
gerritbot subscribed.Feb 21 2017, 5:34 PM

Change 338998 had a related patch set uploaded (by Gehel):
WIP - elasticsearch: only send minimal logging to console

https://gerrit.wikimedia.org/r/338998

gerritbot added a project: Patch-For-Review.Feb 21 2017, 5:34 PM
Gehel added a subscriber: dcausse.Feb 22 2017, 2:22 PM

After discussion with @dcausse, it seems to be a better idea to not send any logs to the console, so as to not mislead people into reading only part of the logs.

Stashbot subscribed.Feb 23 2017, 1:52 PM

Mentioned in SAL (#wikimedia-operations) [2017-02-23T13:52:17Z] <gehel> restart logstash on relforge1001 to test logging configuration - T158664

gerritbot added a comment.Feb 23 2017, 1:57 PM

Change 338998 merged by Gehel:
elasticsearch: don't send logs to the console

https://gerrit.wikimedia.org/r/338998

Gehel added a comment.Feb 23 2017, 1:58 PM

Change is deployed but will only be active after the next cluster restart.

Gehel moved this task from needs triage to Current work on the Discovery-Search board.Feb 23 2017, 1:58 PM
Gehel edited projects, added Discovery-Search (Current work); removed Discovery-Search.
Gehel moved this task from Incoming to Needs Reporting on the Discovery-Search (Current work) board.
debt closed this task as Resolved.May 30 2017, 5:33 PM
debt claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits