Capturing missed logs after Elasticsearch read-only reset

I ran into the situation 2 days ago where Elasticsearch kicked in to a "FORBIDDEN/12/index read-only" episode. I freed up space, reset the read_only_allow_delete and got logs capturing again. However, I had about 12 hours on my servers where logging was missed.

Can I give Filebeat parameters to capture the logs to Elasticsearch for a period of time? To get logs pushed in during the "read-only" period?

Thanks in advance!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.