AXA 17.1 server on-premise was implemented and it was found that the server stopped working.
A restart of the services was performed many times but it would still not start up.
It was found that the partition of the log was full with the dxc-logstash-apm.out being almost 900 GB which fills the total space.
Is there a way to clear these logs? The total system transaction per day for this environment is almost 50 hits and our space of 1 TB fills up quickly.
Check if "log4j.logger.IntroscopeAgent" in $CA_EMM_HOME/AxC/logstash/apm-logstash-plugin/agent.properties is set to DEBUG or VERBOSE. If so, change that to INFO. Changes to this are hotconfig and do not require a restart.
Also the settings in these properties can affect the logging as well.
Output of IntroscopeAgent.log and dxc-logstash-apm.out is same. dxc-logstash-apm.out is getting created from $CA_EMM_HOME/bin/startServices.sh. It is the nohup output. nohup can be removed from startServices.sh and have logstash handle the log level.
You can do this by editing startServices.sh. Replace with below line.
bin/logstash --quiet -f $CA_EMM_HOME/AxC/logstash/apm-logstash-plugin/dxc-logstash-apm.conf -l $CA_EMM_HOME/logs/dxc-logstash-apm.out
--quiet can be replaced with --verbose for debugging.
You can safely delete dxc-logstash-apm.out by stopping APMLOGSTASH plugin service and deleting the file. After restarting it, the file will be re-created.