Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Elasticsearch server fileset processes logs of other metricsets #23583

Closed
jsoriano opened this issue Jan 20, 2021 · 5 comments
Closed

Elasticsearch server fileset processes logs of other metricsets #23583

jsoriano opened this issue Jan 20, 2021 · 5 comments
Labels
bug Feature:Stack Monitoring Filebeat Filebeat module Stalled Team:Integrations Label for the Integrations team

Comments

@jsoriano
Copy link
Member

jsoriano commented Jan 20, 2021
edited
Loading

Default paths configuration in the Elasticsearch server metricset is too broad, so it harvests files that should be harvested by other metricsets, resulting in incorrectly parsed logs.

Default paths in the server metricset include patterns like /var/log/elasticsearch/*.log.
Logs that should be managed by other filesets match this pattern, e.g. the GC one: /var/log/elasticsearch/gc.log, or the deprecation one: /var/log/elasticsearch/some-name_deprecation.log.
So it can happen that the server fileset harvests these files, selecting for them an incorrect pipeline.

While this is fixed, a possible workaround is to set the paths in the server metricset to the actual server logs, something like this:

- module: elasticsearch
  server:
    enabled: true
    var.paths:
      - '/var/log/elasticsearch/some-name.log'
      - '/var/log/elasticsearch/some-name.log.*'
  ...

Or for JSON logs:

- module: elasticsearch
  server:
    enabled: true
    var.paths:
      - '/var/log/elasticsearch/*_server.json'
      - '/var/log/elasticsearch/*_server.json.*'
  ...
@elasticmachine
Copy link
Collaborator

Pinging @elastic/stack-monitoring (Stack monitoring)

@elasticmachine
Copy link
Collaborator

Pinging @elastic/integrations (Team:Integrations)

@milkfinch
Copy link

We have the same error for deprecation logs (strangely not for all of the others) after we set up the above workaround.

After we specify the proper log files for all the different sections for "var.paths" the problem was solved.

@jsoriano
Copy link
Member Author

We have the same error for deprecation logs (strangely not for all of the others) after we set up the above workaround.

Interesting, what was the config after applying the workaround? In what path were the deprecation logs?

@jsoriano jsoriano removed their assignment Nov 25, 2021
@leweafan leweafan mentioned this issue Mar 26, 2022
Closed
@botelastic
Copy link

botelastic bot commented Nov 25, 2022

Hi!
We just realized that we haven't looked into this issue in a while. We're sorry!

We're labeling this issue as Stale to make it hit our filters and make sure we get back to it as soon as possible. In the meantime, it'd be extremely helpful if you could take a look at it as well and confirm its relevance. A simple comment with a nice emoji will be enough :+1.
Thank you for your contribution!

@botelastic botelastic bot added the Stalled label Nov 25, 2022
@botelastic botelastic bot closed this as completed May 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Feature:Stack Monitoring Filebeat Filebeat module Stalled Team:Integrations Label for the Integrations team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jsoriano @milkfinch @elasticmachine