How to log all requests to ElasticSearch?

Question

I have a problem with debugging my application, so I would like to log all the requests that are send to Elasticsearch.

I learnt that I can do this via slowlog by setting the long time to 0s.

I tried this both in ES 2.4.2 and in ES 5.6.4, but no requests were logged.

In ES 2.4.2 I set in logging.yml:

  index.search.slowlog: INFO, index_search_slow_log_file
  index.indexing.slowlog: INFO, index_indexing_slow_log_file

In ES 5.6.4 I also changed the level to INFO (in log4j2.properties):

logger.index_search_slowlog_rolling.level = info
logger.index_indexing_slowlog.level = info

Then I started ES and issued:

curl -XPUT 'http://localhost:9200/com.example.app.model.journal/_settings' -d '
{
    "index.search.slowlog.threshold.query.info" : "0s", 
    "index.search.slowlog.threshold.fetch.info": "0s", 
    "index.indexing.slowlog.threshold.index.info": "0s" 
}
'

(I would prefer to set this settings for all indexes in configuration file, is it possible?)

Then I searched for some data (and got results):

curl -XGET 'localhost:9200/com.example.app.model.journal/_search?pretty' -d '
{
    "query":
    {
        "match" : { "rank" : "2" } }
    }
}'

This requests was not logged, in ES 2.4.2 the slowlog files are created and empty, in ES 5.6.4 files are not created. What am I doing wrong?

Answer 1

I couldn't find a solution to this, so as a workaround I used mitmdump. Run the proxy:

 mitmdump -v -dddd -R http://localhost:9200

Replace the ES address with the proxy address:

curl -XGET 'localhost:8080/com.example.app.model.journal/_search?pretty' -d '
{
    ...