[Fleet] Change default agent log level from info to warning
#175555
Comments
kpollich
added
the
Team:Fleet
|
Pinging @elastic/fleet (Team:Fleet) |
kpollich
changed the title
info to warninfo to warn
kpollich
changed the title
info to warninfo to warning
|
@nimarezainia we'd still have the ability to troubleshoot individual agents and we do have a sample script customers can use to change the log level across agents individually https://gist.github.com/octavioranieri/116cdb48eab548eb9fc38ae0f79332ca |
|
Maybe paired with the "Agent-Policy log-level" here: #158861 I believe the global setting has a bigger estimate than the agent-policy change which I think just requires exposing a UI change |
|
In our previous testing we expect an 80-90% reduction in Agent monitoring volume with a change to Warn log level. |
|
I changed the default log level to warning locally here, but it seems the agents set info level (tested with docker and local agent too) and the UI takes the agent setting first here. |
Yes because we barely log anything at the warning level. We could reduce storage by 100% by simply not logging anything :) Before we change the log level, we need to make sure that we log enough for basic troubleshooting first. We currently assume this is the Info level in our code, but we can change that and probably get rid of some verbose but low value logging.
Yes if we change this we also need to change it in the default elastic-agent.yml file the agent uses when it is installed. It would also be good to support #158861 if we do end up changing the default log level, in case we miss moving a critical log we don't want users having to change the log level for each individual agent. |
|
Agree on having:
I dont think we need the ability to switch it globally for this. If we have the above 2 how much work auditing the existing log level do we need to make this happen @cmacknz ?
New north star goal 😄 |
Hard to give an exact number. More than a day, less than a week. |
|
@cmacknz is there a task in the agent backlog yet? Shall I create one? |
|
There is no agent issue yet, go ahead and create one. |
|
@strawgate please let us know once the issue is created then @pierrehilbert will prioritize it. |
|
#158861 should be done first prior to this one so that there is a rollback option (hence marking this as blocked). The one-line change to change the default from info to warn should not be merged until the data is validated in elastic/elastic-agent#4252. |
|
This is now blocked by #180778 which is in turn blocked by elastic/elastic-agent#4747 |
|
the original intention here was to reduce the logs collected by having WARN as the default. Changing this default could be a breaking change. Do we need to still change the default from INFO to WARN? this could cause problems for our customers. |
|
I'm happy to close this if other work has superseded the need to change the default here. |
Currently, Fleet sets the default log level to
infohere.We should set this to
warninginstead to saved on storage space and reduce the verbosity of agent logs by default.The text was updated successfully, but these errors were encountered: