Best way to parse a log folder

sana · March 21, 2018, 1:20pm

i have 6 folders,, at the end of the day a new log file is added to each folder, i used logstash file input to parse the old files to logstash
file {

path => "/home/sana/pfe/docker/logs/**/*.log"
type => "syslog"
 start_position => "beginning"
 sincedb_path => "/dev/null" 
 #ignore_older => 0

codec => multiline {
pattern => "^(%{TIMESTAMP_ISO8601})"
negate => true
what => "previous"
}
}
what configuration i should add so logstash bring the new files automatically to elascticsearch whithout this
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --config.reload.automatic

magnusbaeck · March 22, 2018, 9:03pm

Just run Logstash all the time. It'll re-expand all filename patterns periodically (by default every 15 seconds I think) so new files will be picked up automatically.

sana · March 23, 2018, 5:01pm

thank you, this is the information i've been looking for

system · April 20, 2018, 5:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash daily indexing Logstash	3	319	April 18, 2018
Automatic Parse Compied to Folder Logstash	2	642	July 6, 2017
Can logstash parse same type of multiple log files? Logstash	5	420	April 22, 2021
How to parse today's file Logstash	4	1740	July 6, 2017
How to let Logstash read all my Input texts Files automatically Logstash	11	1042	April 8, 2019

Best way to parse a log folder

Related topics