Best way to parse a log folder

sana · March 21, 2018, 1:20pm

i have 6 folders,, at the end of the day a new log file is added to each folder, i used logstash file input to parse the old files to logstash
file {

path => "/home/sana/pfe/docker/logs/**/*.log"
type => "syslog"
 start_position => "beginning"
 sincedb_path => "/dev/null" 
 #ignore_older => 0

codec => multiline {
pattern => "^(%{TIMESTAMP_ISO8601})"
negate => true
what => "previous"
}
}
what configuration i should add so logstash bring the new files automatically to elascticsearch whithout this
/usr/share/logstash/bin/logstash -f /etc/logstash/conf.d/logstash.conf --config.reload.automatic

magnusbaeck · March 22, 2018, 9:03pm

Just run Logstash all the time. It'll re-expand all filename patterns periodically (by default every 15 seconds I think) so new files will be picked up automatically.

sana · March 23, 2018, 5:01pm

thank you, this is the information i've been looking for

system · April 20, 2018, 5:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash daily indexing Logstash	3	344	April 18, 2018
Automatic Parse Compied to Folder Logstash	2	663	July 6, 2017
How to set Logstash to parse logfile as soon as logfile has new data Logstash	2	593	February 15, 2017
Logstash not parsing data thats not brand new Logstash	3	1640	July 6, 2017
Files automatically indexed in elastic Logstash	1	274	December 23, 2019

Best way to parse a log folder

Related topics