Diagnosing through logsedit

The log files on each of the Elasticsearch node VMs are a great resource to understand the current state of the system. The following in particular are most useful, which you may need administrative privileges on the VM to access:

/var/log/arm-install.log
A log file that the Elasticsearch deployment script writes to. This provides a chronological timeline for the important events that occur at deployment time, also giving an indication of how long each takes. Looking at this first provides an indication as to whether the deployment script completed successfully.
/var/lib/waagent/custom-script/download/0/stderr
A log file that contains log messages written to standard error (stderr) by the Azure infrastructure when the Elasticsearch deployment script runs.
/var/lib/waagent/custom-script/download/0/stdout
A log file that contains log messages written to standard output (stdout) by the Azure infrastructure when the Elasticsearch deployment script runs. There will be duplication of messages that have been written to /var/log/arm-install.log, in addition to other tooling related output such as apt package installations.
/var/log/monit.log
A log file for monit, the utility used to manage and monitor the Elasticsearch process. This log file is useful to check to ensure monit is running correctly.

Elasticsearch logsedit

In addition to template specific and Azure related logs, Elasticsearch log and configuration files provide invaluable information

Log files in /var/log/elasticsearch/
A collection of different log files written to by the running Elasticsearch process.
/etc/elasticsearch/elasticsearch.yml
The Elasticsearch configuration log file.