We are using ELK stack with Filebeat pushing the logs to the Centeralized elastic search.
Is anyone suggest how to inform filebeat to push the logs file based on the timestamp .How should i configure in the yml file so that filebeat will push the logs based on the timestamp
I don't understand what "push the log based on the timestamp" means. Do you want to push the logs at specific point in time rather than push them continuously as new log messages arrive?
HI
Pls find the real problem
We have 2
sets of logs /folderA/app.log and /folderB/app1.log.filebeat is pushing
the logs from these folders. we want to push them
continuously as new
log messages arrive but in sequential order which will be based on
timestamp of logs getting updated in different files.
Let say we have 2 files
and both are getting within fraction of millisecond difference , So while
receiving log line at logstash we want to maintain the logs to be received in same sequence.
Which is not happening currently in filebeat.
filebeat does not support parsing logs + does not implement sorting/correlation features. This is fully out of scope of filebeat. Not sure if this can be done with logstash.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.