Ok, so I decided to delete my .sincedb files, and they never reappeared.
Did you restart LS?
Yes sir. Several times. The .sincedb files used to be under /root
What does your config look like?
Hey warklom,
So I believe someone must have restarted Logstash on my server. Before, Logstash was running as root, but I guess someone made it run as Logstash, and the sincedb files started to get saved under /opt/logstash/, haha. Or maybe the reason the files began to go under /opt/logstash is because I used the start_position => beginning once? Anyways, I am however facing a new issue. So I have a file that has new things appended to it as a newline every once in a while, which are the new messages. So when a new message comes in, Logstash picks up the new event, and the previous both, as new events. I believe I can fix this issue using the Codec multi-line filter, correct?
However, today I logged into a Logstash Indexer box, and I found absolutely no Logstash sincedb file.
find / -name "since" 2> /dev/null
The above find command returns 0 results. This time I have no idea why there are none. This Logstash configuration looks something like:
input {
  redis {
    host => "ip.add.re.ss7"
    data_type => "list"
    key => "redis-key"
    codec => json
    threads => 2
  }
}
output {
  # the "if" branch that precedes this "else if" is not shown in the post
  else if [appname] == "appname-value" {
    elasticsearch {
      hosts => ["hostname.com:9224","hostname.com:9224","hostname.com:9224"]
      index => "index-name-%{+YYYY.MM}"
      user => "username"
      password => "password"
      ssl => true
      cacert => '/opt/logstash/something.pem'
    }
  }
}
Any ideas fellow loggers?