## 日志配置
Elasticsearch使用[Log4j2](https://logging.apache.org/log4j/2.x/)進行日志記錄。 Log4j2可以通過log4j2.properties文件進行配置。Elasticsearch公開了三個屬性:`${sys:es.logs.base_path}`、`${sys:es.logs.cluster_name}`、`${sys:es.logs.node_name}`(如果節點名字通過`node.name`明確配置過),這三個屬性可以在配置文件中引用,以確定日志文件的存放路徑; `${sys:es.logs.base_path}`被解析為日志目錄,`${sys:es.logs.cluster_name}`被解析為集群名稱(默認用作日志文件名的前綴),`${sys:es.logs.node_name}`被解析為節點名字(如果節點名字明確配置過)。
例如,如果您的日志目錄(`path.logs`)是`/var/log/elasticsearch`,并且您的集群名為`production`,那么`${sys:es.logs}`將解析為`/var/log/elasticsearch/production`,`${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log`將被解析為`/var/log/elasticsearch/production.log`。
```
appender.rolling.type = RollingFile
appender.rolling.name = rolling
appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log
appender.rolling.layout.type = PatternLayout
appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%.-10000m%n
appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 256MB
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.fileIndex = nomax
appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
appender.rolling.strategy.action.condition.type = IfFileName
appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
appender.rolling.strategy.action.condition.nested_condition.type = IfAccumulatedFileSize
appender.rolling.strategy.action.condition.nested_condition.exceeds = 2GB
```
// TODO
如果將`.gz`或`.zip`附加到`appender.rolling.filePattern`,那么日志將在滾動時壓縮。
如果你想保留指定時間段的日志,可以使用一個帶有刪除動作的滾動策略。
```
appender.rolling.strategy.type = DefaultRolloverStrategy #①
appender.rolling.strategy.action.type = Delete #②
appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path} #③
appender.rolling.strategy.action.condition.type = IfLastModified #④
appender.rolling.strategy.action.condition.age = 7D #⑤
appender.rolling.strategy.action.PathConditions.type = IfFileName #⑥
appender.rolling.strategy.action.PathConditions.glob = ${sys:es.logs.cluster_name}-* #⑦
```
① 配置滾定處理器DefaultRolloverStrategy
- - - - - -
② 為滾動滾定處理器配置刪除動作
- - - - - -
③ 日志文件目錄
- - - - - -
④ 指定滾定的條件
- - - - - -
⑤ 保留日志的時間
- - - - - -
⑥ 根據文件名匹配,僅刪除超過7天的文件
- - - - - -
⑦ 根據`${sys:es.logs.cluster_name}-*`格式去匹配刪除文件; 它僅僅只刪除Elasticsearch的日志,不會刪除`deprecation`與`slow`的日志。
可以加載多個配置文件(在這種情況下,它們將被合并),只要它們命名為`log4j2.properties`并將Elasticsearch config目錄作為父目錄; 這對于暴露其他日志記錄器的插件很有用。 日志部分包含java包及其對應的日志級別。 記錄器部分包含日志的目標。 有關如何自定義日志記錄和所有支持的追加器的詳細信息可以在[Log4j文檔](http://logging.apache.org/log4j/2.x/manual/configuration.html)中找到。
## Configuring logging levels
// TODO
## Deprecation(過期)日志
除了常規日志記錄之外,Elasticsearch還允許您啟用日志來記錄一些過期的操作。 例如,這允許您在早期就確定您將需要在未來遷移哪些功能。 默認情況下,過期日志會開啟并以WRAN級別記錄,此級別會記錄所有過期操作的日志。
```
logger.deprecation.level = warn
```
它將在日志目錄中創建每日滾動的deprecation日志文件。 定期檢查此文件,特別是當您打算升級到新的主版本。
默認的日志配置已為棄用日志設置了滾動策略,將在1GB之后滾動和壓縮,并且最多保留五個日志文件(四個已滾動的日志和一個正在記錄的日志)。
您可以通過在`config/log4j2.properties`文件中設置deprecation日志級別設置為`error`來禁用它。
> my note
>
> 日志配置
- 入門
- 基本概念
- 安裝
- 探索你的集群
- 集群健康
- 列出所有索引庫
- 創建一個索引庫
- 索引文檔創建與查詢
- 刪除一個索引庫
- 修改你的數據
- 更新文檔
- 刪除文檔
- 批量處理
- 探索你的數據
- 搜索API
- 查詢語言介紹
- 執行搜索
- 執行過濾
- 執行聚合
- 總結
- Elasticsearch設置
- 安裝Elasticsearch
- .zip或.tar.gz文件的安裝方式
- Install Elasticsearch with .zip on Windows
- Debian軟件包安裝方式
- RPM安裝方式
- Install Elasticsearch with Windows MSI Installer
- Docker安裝方式
- 配置Elasticsearch
- 安全配置
- 日志配置
- 重要的Elasticsearch配置
- 重要的系統配置
- 系統設置
- 在jvm.options中設置JVM堆大小
- 禁用swapping
- 文件描述符
- 虛擬內存
- 線程數
- DNS cache settings
- 啟動前檢查
- 堆大小檢查
- 文件描述符檢查
- 內存鎖定檢查
- 最大線程數檢查
- 最大虛擬內存檢查
- Max file size check
- 最大map數檢查
- JVM Client模式檢查
- 串行收集使用檢查
- 系統調用過濾檢查
- OnError與OnOutOfMemoryError檢查
- Early-access check
- G1GC檢查
- Elasticsearch停機
- Elasticsearch升級
- 滾動升級
- 全集群重啟升級
- 索引重建升級
- Set up X-Pack
- Installing X-Pack
- X-Pack Settings
- Watcher Settings
- Configuring Security
- Breaking changes in 6.0
- X-Pack Breaking Changes
- 重大變化
- 6.0的重大變化
- 聚合變化
- Cat API變化
- 客戶端變化
- 集群變化
- 文檔API變化
- 索引變化
- 預處理變化
- 映射變化
- Packaging變化
- Percolator變化
- 插件變化
- 索引重建變化
- 信息統計變化
- DSL查詢變化
- 設置變化
- 腳本變化
- API約定
- 多索引語法
- 索引庫名稱的日期運算
- 常用選項
- URL-based訪問控制
- 文檔APIs
- 讀寫文檔
- 索引接口
- Get接口
- Delete API
- Delete By Query API
- Update API
- Update By Query API
- Multi Get API
- Bulk API
- Reindex API
- Term Vectors
- Multi termvectors API
- ?refresh
- 搜索APIs
- Search
- URI Search
- Request Body Search
- Query
- From / Size
- Sort
- Source filtering
- Fields
- Script Fields
- Doc value Fields
- Post filter
- Highlighting
- Rescoring
- Search Type
- Scroll
- Preference
- Explain
- Version
- Index Boost
- min_score
- Named Queries
- Inner hits
- Field Collapsing
- Search After
- Search Template
- Multi Search Template
- Search Shards API
- Suggesters
- Term suggester
- Phrase Suggester
- Completion Suggester
- Context Suggester
- Returning the type of the suggester
- Multi Search API
- Count API
- Validate API
- Explain API
- Profile API
- Profiling Queries
- Profiling Aggregations
- Profiling Considerations
- Field Capabilities API
- Aggregations
- Metrics Aggregations
- 平均值聚合
- 值計數聚合(Value Count Aggregation)
- Cardinality Aggregation
- Extended Stats Aggregation
- 地理邊界聚合
- 地理重心聚合
- Max Aggregation
- Min Aggregation
- Percentiles Aggregation
- Percentile Ranks Aggregation
- Scripted Metric Aggregation
- Stats Aggregation
- Sum Aggregation
- Top hits Aggregation
- Value Count Aggregation
- Bucket Aggregations
- 鄰接矩陣聚合
- Children Aggregation
- Date Histogram Aggregation
- Date Range Aggregation
- Significant Terms Aggregation
- Filter Aggregation(過濾器聚合)
- Filters Aggregation
- Geo Distance Aggregation(地理距離聚合) 轉至元數據結尾
- GeoHash grid Aggregation(GeoHash網格聚合)
- Global Aggregation(全局聚合) 轉至元數據結尾
- Histogram Aggregation
- IP Range Aggregation(IP范圍聚合)
- Missing Aggregation
- Nested Aggregation(嵌套聚合)
- Range Aggregation(范圍聚合)
- Reverse nested Aggregation
- Sampler Aggregation
- Significant Terms Aggregation
- Significant Text Aggregation
- Terms Aggregation
- Pipeline Aggregations
- Avg Bucket Aggregation
- Derivative Aggregation(導數聚合)
- Max Bucket Aggregation
- Min Bucket Aggregation
- Sum Bucket Aggregation
- Stats Bucket Aggregation
- Extended Stats Bucket Aggregation(擴展信息桶聚合)
- Percentiles Bucket Aggregation(百分數桶聚合)
- Moving Average Aggregation
- Cumulative Sum Aggregation(累積匯總聚合)
- Bucket Script Aggregation(桶腳本聚合)
- Bucket Selector Aggregation(桶選擇器聚合)
- Serial Differencing Aggregation(串行差異聚合)
- Matrix Aggregations
- Matrix Stats
- Caching heavy aggregations
- Returning only aggregation results
- Aggregation Metadata
- Returning the type of the aggregation
- Indices APIs
- Create Index /創建索引
- Delete Index /刪除索引
- Get Index /獲取索引
- Indices Exists /索引存在
- Open / Close Index API /啟動關閉索引
- Shrink Index /縮小索引
- Rollover Index/滾動索引
- Put Mapping /提交映射
- Get Mapping /獲取映射
- Get Field Mapping /獲取字段映射
- Types Exists
- Index Aliases
- Update Indices Settings
- Get Settings
- Analyze
- Explain Analyze
- Index Templates
- 索引統計信息
- 索引段
- 索引恢復
- 索引分片存儲
- 清理緩存
- 刷新
- 同步刷新
- 重新加載
- 強制合并
- Cat APIs
- cat aliases
- cat allocation
- cat count
- cat fielddata
- cat health
- cat indices
- cat master
- cat nodeattrs
- cat nodes
- cat pending tasks
- cat plugins
- cat recovery
- cat repositories
- cat segments
- cat shards
- cat thread pool
- cat snapshots
- cat templates
- Cluster APIs
- 集群健康
- 集群狀態
- 集群統計
- 掛起的集群任務
- 集群重新路由
- Cluster Update Settings
- Nodes Stats
- Nodes Info
- Nodes Feature Usage
- Remote Cluster Info
- Task Management API
- Nodes hot_threads
- Cluster Allocation Explain API
- Query DSL
- 查詢context與過濾context
- Match All Query
- 全文搜索
- 匹配查詢
- 短語匹配查詢
- 短語前綴匹配查詢
- 多字段查詢
- 常用術語查詢
- 查詢語句查詢
- 簡單查詢語句
- Term level queries
- Term Query
- Terms Query
- Range Query
- Exists Query
- Prefix Query
- Wildcard Query
- Regexp Query
- Fuzzy Query
- Type Query
- Ids Query
- 復合查詢
- Constant Score 查詢
- Bool 查詢
- Dis Max 查詢
- Function Score 查詢
- Boosting 查詢
- Joining queries
- Has Child Query
- Has Parent Query
- Nested Query(嵌套查詢)
- Parent Id Query
- Geo queries
- GeoShape Query(地理形狀查詢)
- Geo Bounding Box Query(地理邊框查詢)
- Geo Distance Query(地理距離查詢)
- Geo Polygon Query(地理多邊形查詢)
- Specialized queries
- More Like This Query
- Script Query
- Percolate Query
- Span queries
- Span Term 查詢
- Span Multi Term 查詢
- Span First 查詢
- Span Near 查詢
- Span Or 查詢
- Span Not 查詢
- Span Containing 查詢
- Span Within 查詢
- Span Field Masking 查詢 轉至元數據結尾
- Minimum Should Match
- Multi Term Query Rewrite
- Mapping
- Removal of mapping types
- Field datatypes
- Array
- Binary
- Range
- Boolean
- Date
- Geo-point datatype
- Geo-Shape datatype
- IP datatype
- Keyword datatype
- Nested datatype
- Numeric datatypes
- Object datatype
- Text
- Token數
- 滲濾型
- join datatype
- Meta-Fields
- _all field
- _field_names field
- _id field
- _index field
- _meta field
- _routing field
- _source field
- _type field
- _uid field
- Mapping parameters
- analyzer(分析器)
- normalizer(歸一化)
- boost(提升)
- Coerce(強制類型轉換)
- copy_to(合并參數)
- doc_values(文檔值)
- dynamic(動態設置)
- enabled(開啟字段)
- eager_global_ordinals
- fielddata(字段數據)
- format (日期格式)
- ignore_above(忽略超越限制的字段)
- ignore_malformed(忽略格式不對的數據)
- index (索引)
- index_options(索引設置)
- fields(字段)
- Norms (標準信息)
- null_value(空值)
- position_increment_gap(短語位置間隙)
- properties (屬性)
- search_analyzer (搜索分析器)
- similarity (匹配方法)
- store(存儲)
- Term_vectors(詞根信息)
- Dynamic Mapping
- Dynamic field mapping(動態字段映射)
- Dynamic templates(動態模板)
- default mapping(mapping中的_default_)
- Analysis
- Anatomy of an analyzer(分析器的分析)
- Testing analyzers(測試分析器)
- Analyzers(分析器)
- Configuring built-in analyzers(配置內置分析器)
- Standard Analyzer(標準分析器)
- Simple Analyzer(簡單分析器)
- 空白分析器
- Stop Analyzer
- Keyword Analyzer
- 模式分析器
- 語言分析器
- 指紋分析器
- 自定義分析器
- Normalizers
- Tokenizers(分詞器)
- Standard Tokenizer(標準分詞器)
- Letter Tokenizer
- Lowercase Tokenizer (小寫分詞器)
- Whitespace Analyzer
- UAX URL Email Tokenizer
- Classic Tokenizer
- Thai Tokenizer(泰語分詞器)
- NGram Tokenizer
- Edge NGram Tokenizer
- Keyword Analyzer
- Pattern Tokenizer
- Simple Pattern Tokenizer
- Simple Pattern Split Tokenizer
- Path Hierarchy Tokenizer(路徑層次分詞器)
- Token Filters(詞元過濾器)
- Standard Token Filter
- ASCII Folding Token Filter
- Flatten Graph Token Filter
- Length Token Filter
- Lowercase Token Filter
- Uppercase Token Filter
- NGram Token Filter
- Edge NGram Token Filter
- Porter Stem Token Filter
- Shingle Token Filter
- Stop Token Filter
- Word Delimiter Token Filter
- Word Delimiter Graph Token Filter
- Stemmer Token Filter
- Stemmer Override Token Filter
- Keyword Marker Token Filter
- Keyword Repeat Token Filter
- KStem Token Filter
- Snowball Token Filter
- Phonetic Token Filter
- Synonym Token Filter
- Synonym Graph Token Filter
- Compound Word Token Filters
- Reverse Token Filter
- Elision Token Filter
- Truncate Token Filter
- Unique Token Filter
- Pattern Capture Token Filter
- Pattern Replace Token Filter
- Trim Token Filter
- Limit Token Count Token Filter
- Hunspell Token Filter
- Common Grams Token Filter
- Normalization Token Filter
- CJK Width Token Filter
- CJK Bigram Token Filter
- Delimited Payload Token Filter
- Keep Words Token Filter
- Keep Types Token Filter
- Classic Token Filter
- Apostrophe Token Filter
- Decimal Digit Token Filter
- Fingerprint Token Filter
- Minhash Token Filter
- Character Filters(字符過濾器)
- HTML Strip Character Filter
- Mapping Character Filter
- Pattern Replace Character Filter
- 模塊
- Cluster
- 集群級路由和碎片分配
- 基于磁盤的分片分配
- 分片分配awareness
- 分片分配過濾
- Miscellaneous cluster settings
- Scripting
- Painless Scripting Language
- Lucene Expressions Language
- Advanced scripts using script engines
- Snapshot And Restore
- Thread Pool
- Index Modules(索引模塊)
- 預處理節點
- Pipeline Definition
- Ingest APIs
- Put Pipeline API
- Get Pipeline API
- Delete Pipeline API
- Simulate Pipeline API
- Accessing Data in Pipelines
- Handling Failures in Pipelines
- Processors
- Monitoring Elasticsearch
- X-Pack APIs
- X-Pack Commands
- How To
- Testing(測試)
- Glossary of terms
- Release Notes
- X-Pack Release Notes