Enable logging in Elasticsearch/Kibana deployed using ECK

Objective: Configure logging in Elasticsearch/Kibana deployed by ECK.

Update your Elasticsearch deployment:

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
  # placeholder; Kubernetes object names must be lowercase
  name: MYECK
spec:
  version: 7.7.0
  nodeSets:
  - name: master
    count: 1
    config:
      # log level for the org.elasticsearch logger hierarchy
      logger.org.elasticsearch: warn
      node.master: true
      node.data: false
      node.ingest: false
      node.ml: false

Update your Kibana deployment:

apiVersion: kibana.k8s.elastic.co/v1
kind: Kibana
metadata:
  name: mykibana
spec:
  version: 7.7.0
  count: 1
  elasticsearchRef:
    # must match metadata.name of the Elasticsearch resource
    name: MYECK
  config:
    # suppress all logging output other than error messages
    logging.quiet: true
  http:
    service:
      spec:
        type: ClusterIP
    tls:
      certificate:
        secretName: custom-ssl-cert

There is one more option: environment variables.

# In Elasticsearch (podTemplate sits under spec.nodeSets[])
podTemplate:
  spec:
    containers:
    - name: elasticsearch
      env:
      - name: logger.org.elasticsearch
        value: warn
---
# In Kibana (podTemplate sits under spec)
podTemplate:
  spec:
    containers:
    - name: kibana
      env:
      - name: LOGGING_QUIET
        value: "true"

If you need more control, use log4j. Create a ConfigMap from your log4j2.properties file:

kubectl create configmap log4j --from-file=log4j2.properties=/opt/log4j2.properties

Then mount it into your pod template:

podTemplate:
  spec:
    containers:
    - name: elasticsearch
      volumeMounts:
      # subPath mounts the single file over the image's own log4j2.properties
      - mountPath: /usr/share/elasticsearch/config/log4j2.properties
        subPath: log4j2.properties
        name: log4j
    volumes:
    - name: log4j
      configMap:
        name: log4j
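
A minimal log4j2.properties that could be the /opt/log4j2.properties file fed to the ConfigMap above. This is an added example, not part of the original post; the logger names and levels chosen are assumptions.

```properties
# Constructed example: contents for /opt/log4j2.properties (not from the original post).
# The subPath mount replaces the image's own log4j2.properties, so this file
# has to define an appender and the root logger, not only the overrides.

# Level for Log4j's own internal status messages
status = error

# Log to stdout so `kubectl logs` and node-level log collectors can read it
appender.console.type = Console
appender.console.name = console
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %m%n

# Default level for every logger not listed below
rootLogger.level = info
rootLogger.appenderRef.console.ref = console

# Equivalent to `logger.org.elasticsearch: warn` in the config section
logger.es.name = org.elasticsearch
logger.es.level = warn

# Assumed override: keep one package more verbose than the rest
logger.discovery.name = org.elasticsearch.discovery
logger.discovery.level = info
```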

Ref:

https://www.elastic.co/guide/en/kibana/current/settings.html
