Viewing log files

To obtain logs from the containers:

docker cp <logstash container ID>:/var/lib/logstash/data logs/

where 'logs/' is a local directory where the logs will be copied into.

Use the docker-compose logs command to view all logs:

docker-compose logs

For more information on Docker commands, visit the Docker documentation website: https://docs.docker.com/

Be default, log files are automatically purged after 14 days. To modify this value:

1. Stop the containers.

2. Edit the docker-compose.local-overrides.ymlfile located in the docker-swarm directory:

   1. Add the logstash service.

   2. Add the DAYS_TO_KEEP_LOGS environment variable with the new value. This example purges log files after 10 days:

      logstash:
       environment: {DAYS_TO_KEEP_LOGS: 10}

3. Restart the containers.