I am doing centralized logging using logstash. I am using logstash-forwarder on the shipper node and the ELK stack on the collector node. I wanted to know the location where the logs are stored in Elasticsearch; I didn't see any data files created where the logs are stored. Does anyone have any idea about this?
3

Has QUIT--Anony-Mousse

Anand Kadhi
Check your `path.data` parameter in your elasticsearch.yml file – eliasah Apr 24 '15 at 14:05
3 Answers
5
- Log in to the server that runs Elasticsearch
- If it's an Ubuntu box, open /etc/elasticsearch/elasticsearch.yml
- Check out the path.data configuration
- The files are stored in that location
Good luck.

Tomer Levy
5
I agree with @Tomer, but the default path to logs in the case of Ubuntu is:
/var/log/elasticsearch.log
/var/log/elasticsearch-access.log
/var/log/elasticsearch_deprecation.log
In /etc/elasticsearch/elasticsearch.yml the data path is commented out by default.
So the default path to logs is /var/log/elasticsearch/elasticsearch.log

Himanshu Chauhan
1
As others have pointed out, `path.data` will be where Elasticsearch stores its data (in your case indexed logs) and `path.logs` is where Elasticsearch stores its own logs.
If you can't find elasticsearch.yml, you can have a look at the command line, where you'll find something like `-Des.path.conf=/opt/elasticsearch/config`
If `path.data`/`path.logs` aren't set, they should be under a `data`/`logs` directory under `path.home`. In my case, the command line shows `-Des.path.home=/opt/elasticsearch`

Radu Gheorghe
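The lookup the answers describe, as an added example that is not part of any answer and not Elasticsearch's own code: read `path.data` / `path.logs` from elasticsearch.yml, skip commented-out lines, and fall back to `data` / `logs` under `path.home` taken from the command line. The function names `es_flag` and `resolve_es_path`, the sample config and the sample command line are constructed for illustration, and only the flat `path.data: /dir` form is handled.

```shell
#!/bin/sh
# Added example, not code from the answers. Assumes the flat "path.data: /dir"
# form in elasticsearch.yml (a nested "path:" mapping is not handled).

# es_flag NAME CMDLINE: value of -DNAME=... on a java command line, if present.
es_flag() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^-D$1=//p" | tail -n 1
}

# resolve_es_path KEY CONFIG HOME: effective directory for path.data / path.logs.
resolve_es_path() (
    key=$1 config=$2 home=$3 value=
    if [ -r "$config" ]; then
        value=$(awk -v key="$key" '
            /^[ \t]*#/ { next }                  # commented-out defaults do not count
            {
                line = $0
                sub(/^[ \t]+/, "", line)
                if (index(line, key) != 1) next
                rest = substr(line, length(key) + 1)
                if (rest !~ /^[ \t]*:/) next     # a longer key that shares the prefix
                sub(/^[ \t]*:[ \t]*/, "", rest)
                sub(/[ \t]+#.*$/, "", rest)      # trailing comment
                sub(/[ \t]+$/, "", rest)
                gsub(/^"|"$/, "", rest)          # surrounding double quotes
                found = rest                     # last setting wins
            }
            END { print found }' "$config")
    fi
    # Unset: fall back to <path.home>/data or <path.home>/logs.
    [ -n "$value" ] || value="$home/${key#path.}"
    printf '%s\n' "$value"
)

# Constructed sample: path.data commented out, path.logs set explicitly.
sample_conf=$(mktemp)
printf '%s\n' '#path.data: /path/to/data' \
    'path.logs: /var/log/elasticsearch  # own logs' > "$sample_conf"
sample_cmd='java -Xms256m -Des.path.home=/opt/elasticsearch -Des.path.conf=/opt/elasticsearch/config org.elasticsearch.bootstrap.Elasticsearch'
sample_home=$(es_flag es.path.home "$sample_cmd")

echo "data: $(resolve_es_path path.data "$sample_conf" "$sample_home")"
echo "logs: $(resolve_es_path path.logs "$sample_conf" "$sample_home")"
```

On a live node the command line can be taken from `ps -o args= -p <pid>` for the Elasticsearch process. The resolved data directory holds the indexed log content, so its ownership and permissions are worth checking once it is found.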