Adding only the appended part of a file to elastic using logstash

aks03 · March 13, 2023, 4:37am

Hey everyone,
I am new to Elk stack but currently I want to add only the appended part of a file i.e, any extra content added to the file to elastic using logstash 6.3.
The files are unstructured so even that has left me confused on how to approach it.

input {
  file {
    path => "file path"
    start_position => "beginning"
  }
}

filter {
  # Add any necessary filters here
    date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}

output {
  elasticsearch {
    hosts => ["hostname:9200"]
    index => "test-index"
  }

}

I have been trying to add contents of file using this code but even that has not been possible until now.
Any advice or help is appreciated.
Thank you

system · March 13, 2023, 4:37am

logstash 6.3 is EOL and no longer supported. Please upgrade ASAP.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns )

system · April 10, 2023, 4:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.