Best way to parse a log folder

sana · March 21, 2018, 1:20pm

i have 6 folders,, at the end of the day a new log file is added to each folder, i used logstash file input to parse the old files to logstash
file {

path => "/home/sana/pfe/docker/logs/**/*.log"
type => "syslog"
 start_position => "beginning"
 sincedb_path => "/dev/null" 
 #ignore_older => 0

codec => multiline {
pattern => "^(%{TIMESTAMP_ISO8601})"
negate => true
what => "previous"
}
}
what configuration i should add so logstash bring the new files automatically to elascticsearch whithout this
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --config.reload.automatic

magnusbaeck · March 22, 2018, 9:03pm

Just run Logstash all the time. It'll re-expand all filename patterns periodically (by default every 15 seconds I think) so new files will be picked up automatically.

sana · March 23, 2018, 5:01pm

thank you, this is the information i've been looking for

Topic		Replies	Views
Logstash daily indexing Logstash	3	358	April 18, 2018
How to set Logstash to parse logfile as soon as logfile has new data Logstash	2	602	February 15, 2017
Automatic Parse Compied to Folder Logstash	2	676	July 6, 2017
Files automatically indexed in elastic Logstash	1	284	December 23, 2019
Logstash doesn't parse new files in directory Logstash	5	164	November 14, 2023

Best way to parse a log folder

Related topics