add additional elasticsearch log output in json format for elasticsearch log integration to parse

salt/elasticfleet/files/integrations/grid-nodes_general/elasticsearch-logs.json

@@ -40,7 +40,7 @@
           "enabled": true,
           "vars": {
             "paths": [
-              "/opt/so/log/elasticsearch/*.log"
+              "/opt/so/log/elasticsearch/*.json"
             ]
           }
         },

salt/elasticsearch/files/log4j2.properties

@@ -23,5 +23,26 @@ appender.rolling.strategy.action.condition.type = IfFileName
 appender.rolling.strategy.action.condition.glob = *.gz
 appender.rolling.strategy.action.condition.nested_condition.type = IfLastModified
 appender.rolling.strategy.action.condition.nested_condition.age = 7D
+
+appender.rolling_json.type = RollingFile
+appender.rolling_json.name = rolling_json
+appender.rolling_json.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.json
+appender.rolling_json.layout.type = ECSJsonLayout
+appender.rolling_json.layout.dataset = elasticsearch.server
+appender.rolling_json.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz
+appender.rolling_json.policies.type = Policies
+appender.rolling_json.policies.time.type = TimeBasedTriggeringPolicy
+appender.rolling_json.policies.time.interval = 1
+appender.rolling_json.policies.time.modulate = true
+appender.rolling_json.strategy.type = DefaultRolloverStrategy
+appender.rolling_json.strategy.action.type = Delete
+appender.rolling_json.strategy.action.basepath = /var/log/elasticsearch
+appender.rolling_json.strategy.action.condition.type = IfFileName
+appender.rolling_json.strategy.action.condition.glob = *.gz
+appender.rolling_json.strategy.action.condition.nested_condition.type = IfLastModified
+appender.rolling_json.strategy.action.condition.nested_condition.age = 7D
+
+
 rootLogger.level = info
 rootLogger.appenderRef.rolling.ref = rolling
+rootLogger.appenderRef.rolling_json.ref = rolling_json