Logs and logging
editLogs and logging
editDocumentation
editLearn about Enterprise Search logs and logging within the following documentation:
- Manage logs – Learn how to manage your logs on Elastic Cloud, or on your own deployment
- View and query logs – Learn how to use two Kibana tools to view and query your logs
- Manage log retention – Learn how to manage log retention policies
- Audit logging guide – Learn how Enterprise Search handles audit logging
- Logs quick reference – Consult this quick reference for key information such as log types, index patterns, and filenames
Known issues
editThe following known issues affect Enterprise Search logs and logging:
-
Deployments may run out of memory if
log_level:debug
is enabled.This issue is known to affect Enterprise Search versions 8.5.1, 8.5.2, 8.5.3, and 8.6.0. This affects deployments with less than 4GB RAM. This issue does not affect Enterprise Search 8.6.0 running in a 4GB+ deployment.
The easiest way to avoid this issue is to run Enterprise Search in a deployment with 4GB+ RAM. A workaround is to avoid leaving the
log_level:debug
setting enabled for Enterprise Search for an extended period of time. -
(Fixed 8.5.3) Deployments do not collect Enterprise Search logs when using Docker images
This issue is known to affect Enterprise Search versions 8.5.0, 8.5.1, and 8.5.2. A fix for this issue is expected in 8.5.3.
The issue affects deployments using Elastic Cloud, Elastic Cloud Enterprise, and Elastic Cloud on Kubernetes. It also affects self-managed deployments using Docker images. The issue does not affect self-managed deployments using packages.
Affected deployments do not collect analytics, API logs, and other Enterprise Search logs.
-
(Fixed 8.5.3) Deployments do not collect Enterprise Search logs when using Enterprise Search service account tokens
This issue is known to affect Enterprise Search versions 8.5.0, 8.5.1, and 8.5.2. A fix for this issue is expected in 8.5.3.
The issue affects self-managed deployments that have configured Enterprise Search to connect to Elasticsearch using the Enterprise Search service account token (
elasticsearch.service_account_token
).Affected deployments do not collect analytics, API logs, and other Enterprise Search logs.
Affected deployments can work around this issue by additionally configuring a username and password to connect to Elasticsearch (
elasticsearch.username
) and (elasticsearch.password
). These credentials will be used to ingest analytics, logs, and metrics data. Other Enterprise Search processes will continue to use the service account token.