ChintanShah25
Reputation: 12672
Log4j SMTP Appender configuration for elasticsearch in logging.yml
I am using ES 1.7 on Ubuntu 14.10. My use case is that, whenever there is any kind of error occurs in elasticsearch, I would like to send an email to my team, e.g.
{
"query": {
"query_string": {
"wrong_param": "energy"
}
}
}
This query is giving error like
All shards failed for phase: [query_fetch]
org.elasticsearch.search.SearchParseException: [my_index][0]: from[-1],size[-1]: Parse Failure [Failed to parse source [{
"query": {
"query_string": {
"wrong_param": "energy"
}
}
}
]]
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:747)
at org.elasticsearch.search.SearchService.createContext(SearchService.java:572)
at org.elasticsearch.search.SearchService.createAndPutContext(SearchService.java:544)
at org.elasticsearch.search.SearchService.executeFetchPhase(SearchService.java:385)
at org.elasticsearch.search.action.SearchServiceTransportAction$11.call(SearchServiceTransportAction.java:333)
at org.elasticsearch.search.action.SearchServiceTransportAction$11.call(SearchServiceTransportAction.java:330)
at org.elasticsearch.search.action.SearchServiceTransportAction$23.run(SearchServiceTransportAction.java:559)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.elasticsearch.index.query.QueryParsingException: [enerknol] [query_string] query does not support [wrong_param]
at org.elasticsearch.index.query.QueryStringQueryParser.parse(QueryStringQueryParser.java:207)
at org.elasticsearch.index.query.QueryParseContext.parseInnerQuery(QueryParseContext.java:307)
at org.elasticsearch.index.query.IndexQueryParserService.innerParse(IndexQueryParserService.java:382)
at org.elasticsearch.index.query.IndexQueryParserService.parse(IndexQueryParserService.java:281)
at org.elasticsearch.index.query.IndexQueryParserService.parse(IndexQueryParserService.java:276)
at org.elasticsearch.search.query.QueryParseElement.parse(QueryParseElement.java:33)
at org.elasticsearch.search.SearchService.parseSource(SearchService.java:731)
I would like to send an email with this error as body, I have not been able to find any working example of using SMTPAppender with ES, I have changed my logging.yml file following this blog which refers to this gist.
My logging.yml file, the only change in this file is I have appended smtpappender at the end and added it to rootLogger
# you can override this using by setting a system property, for example -Des.logger.level=DEBUG
es.logger.level: INFO
rootLogger: ${es.logger.level}, console, file, smtpappender
logger:
# log action execution errors for easier debugging
action: DEBUG
# reduce the logging for aws, too much is logged under the default INFO
com.amazonaws: WARN
org.apache.http: INFO
# gateway
#gateway: DEBUG
#index.gateway: DEBUG
# peer shard recovery
#indices.recovery: DEBUG
# discovery
#discovery: TRACE
index.search.slowlog: TRACE, index_search_slow_log_file
index.indexing.slowlog: TRACE, index_indexing_slow_log_file
additivity:
index.search.slowlog: false
index.indexing.slowlog: false
appender:
console:
type: console
layout:
type: consolePattern
conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
file:
type: dailyRollingFile
file: ${path.logs}/${cluster.name}.log
datePattern: "'.'yyyy-MM-dd"
layout:
type: pattern
conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
# Use the following log4j-extras RollingFileAppender to enable gzip compression of log files.
# For more information see https://logging.apache.org/log4j/extras/apidocs/org/apache/log4j/rolling/RollingFileAppender.html
#file:
#type: extrasRollingFile
#file: ${path.logs}/${cluster.name}.log
#rollingPolicy: timeBased
#rollingPolicy.FileNamePattern: ${path.logs}/${cluster.name}.log.%d{yyyy-MM-dd}.gz
#layout:
#type: pattern
#conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
index_search_slow_log_file:
type: dailyRollingFile
file: ${path.logs}/${cluster.name}_index_search_slowlog.log
datePattern: "'.'yyyy-MM-dd"
layout:
type: pattern
conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
index_indexing_slow_log_file:
type: dailyRollingFile
file: ${path.logs}/${cluster.name}_index_indexing_slowlog.log
datePattern: "'.'yyyy-MM-dd"
layout:
type: pattern
conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
smtpappender:
type: org.apache.log4j.net.SMTPAppender
smtpHost: localhost
smtpPort: 25
from: mygmail
to: companymail
subject: something bad happened
bufferSize : 20
layout:
type: pattern
conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
This is not working, I also dont see any logs in ES after adding smtpappender which is kind of strange. Has anyone tried this? I would really appreciate any help regarding this.
Upvotes: 0
Views: 746
Answers (0)
Related Questions
- Elasticsearch config with log4j2.xml
- How to configure SmtpAppender programmatically in log4j2
- How to configure writing to multiple Appenders in log4j2?
- Log4j.xml smtpappender emailthrottle
- Log4j2 smtp appender doesn't work for root logger
- Log4J2 Factory Error when attempting to use SMTP Appender
- Log4j SMTPAppender
- Log4j SMTP Appender
- log4j Console and SMTPAppender: How use multiple appenders
- with SMTPAppender I receive only ERROR and not INFO type of log items