How to stop Elastic Search from appending a newline separated callstack to its logs

Question

I have elastic search configured to to write logs to a file. I find that when a DEBUG logs comes through Elastic Search write the log and then all the callstack, seperated by newlines.

I only want the log to show up in my log file, I don't want to see the callstack.

Here's an example log:

[2013-10-01 09:02:10,695][DEBUG][action.bulk] [Cap 'N Hawk] [metrics-2013.10.01][2] failed to execute bulk item (index) index {[metrics-2013.10.01][metrics][XTvepSybQZaUed6h4Xupag], source[{"..."}]}
org.elasticsearch.index.mapper.MapperParsingException: failed to parse [deviceTelephonyID]
    at org.elasticsearch.index.mapper.core.AbstractFieldMapper.parse(AbstractFieldMapper.java:396)
    at org.elasticsearch.index.mapper.object.ObjectMapper.serializeValue(ObjectMapper.java:599)
    at org.elasticsearch.index.mapper.object.ObjectMapper.parse(ObjectMapper.java:467)
    at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:507)
    at org.elasticsearch.index.mapper.DocumentMapper.parse(DocumentMapper.java:451)
    at org.elasticsearch.index.shard.service.InternalIndexShard.prepareCreate(InternalIndexShard.java:306)
    at org.elasticsearch.action.bulk.TransportShardBulkAction.shardIndexOperation(TransportShardBulkAction.java:386)
    at org.elasticsearch.action.bulk.TransportShardBulkAction.shardOperationOnPrimary(TransportShardBulkAction.java:155)
    at org.elasticsearch.action.support.replication.TransportShardReplicationOperationAction$AsyncShardOperationAction.performOnPrimary(TransportShardReplicationOperationAction.java:532)
    at org.elasticsearch.action.support.replication.TransportShardReplicationOperationAction$AsyncShardOperationAction$1.run(TransportShardReplicationOperationAction.java:430)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)
Caused by: java.lang.NumberFormatException: For input string: "NOTELEPHONY"
    at sun.misc.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1241)
    at java.lang.Double.parseDouble(Double.java:540)
    at org.elasticsearch.common.xcontent.support.AbstractXContentParser.doubleValue(AbstractXContentParser.java:95)
    at org.elasticsearch.index.mapper.core.DoubleFieldMapper.innerParseCreateField(DoubleFieldMapper.java:308)
    at org.elasticsearch.index.mapper.core.NumberFieldMapper.parseCreateField(NumberFieldMapper.java:167)
    at org.elasticsearch.index.mapper.core.AbstractFieldMapper.parse(AbstractFieldMapper.java:385)
    ... 12 more

I have tried adding:

file:
  type: dailyRollingFile
  file: ${path.logs}/es_log.log
  datePattern: "'.'yyyy-MM-dd"
  layout:
    type: pattern
    conversionPattern: "[%d{ISO8601}][%p][%c] %m%n"
    alwaysWriteExceptions: false
    replace: 
      regex: "(\n.*)*"
      replacement: ""

to the Elastic Search logging.yml configuration. As per:

https://logging.apache.org/log4j/2.x/manual/layouts.html

which I hoped would replace everything after the first newline in a single log entry with an empty string, leaving me with just:

[2013-10-01 09:02:10,695][DEBUG][action.bulk] [Cap 'N Hawk] [metrics-2013.10.01][2] failed to execute bulk item (index) index {[metrics-2013.10.01][metrics][XTvepSybQZaUed6h4Xupag], source[{"..."}]}

Unfortunately it doesn't seem to work. Can anyone see any issues with this approach.

This post: Log4j formatting: Is it possible to truncate stacktraces?

seems to identify an alternative solution, however I am not sure if it can be configured with Elastic Search...

score 0 · Answer 1 · answered Oct 01 '13 at 15:17

0

To disable printing the exception, you need to configure the layout correctly. The pattern in the layout for this is %xEx{none}. Just put it anywhere in the layout.

I'm not sure why the replace doesn't work; my guess is that you either need to make this a multi-line regexp or that the regexp is only applied to the message itself, not the exception.

That said, I don't think that suppressing the exceptions in the log is really a good approach.

I would either configure the system not to log those exceptions (by suppressing output of this specific logger) or to change the code to handle non-numeric input more gracefully. If you disable all exceptions, you also won't see important/real errors.

answered Oct 01 '13 at 15:17

Aaron Digulla

321,842
108
597
820

Elastic Search is responsible for logging the message, therefore I cannot configure that code. Elastic Search provides a YAML interface on to the log4j settings to enable end users to customise their logs. – sungiant Oct 01 '13 at 16:27
I just tried changing the conversionPattern to: "[%d{ISO8601}][%p][%c] %xEx{none}%m%n". It did nothing... Thanks for the suggestion though :-( – sungiant Oct 01 '13 at 16:34
I suggest to create a minimal test case (one class with main, a logger which logs an exception and the config to disable exception logging). If you can't get this to work, open a new question and post your code. – Aaron Digulla Oct 02 '13 at 07:33
The question is about configuring Elastic Search's logging output via it's YAML based interface onto log4j. I am not writing any code. I am not using log4j in a Java app of my own. – sungiant Oct 02 '13 at 08:52
Elastic search is probably not doing anything with log4j, so a minimal test project will allow you to find a solution without wasting a lot of time starting/stopping ES, configuring it, etc. – Aaron Digulla Oct 02 '13 at 15:46

How to stop Elastic Search from appending a newline separated callstack to its logs

1 Answers1