Hello everyone,
i've found that in my sincedb the inode entries are doubled.
this is the filter configuration:
input {
file {
path => "/NAS/log/radius/rd0*XXX/radiator.log"
type => "radius"
codec => multiline {
pattern => "^%{DAY}\s%{MONTH}"
negate => true
what => previous
}
start_position => "beginning"
sincedb_path => "/XXX/sincedb_radius"
}
}
this are the inode of the logfiles (on NAS):
ls -li /NAS/log/radius/rd00?XXX/radiator.log
59588 -rw-r--r-- 1 9020 9020 8262306 Jan 12 12:00 xxx
62 -rw-r--r-- 1 9020 9020 61019 Jan 12 12:01 xxx
63 -rw-r--r-- 1 9020 9020 17700096 Jan 12 12:01 xxx
59388 -rw-r--r-- 1 9020 9020 1845763805 Jan 12 11:34 xxx
67 -rw-r--r-- 1 9020 9020 1713889034 Jan 12 11:37 xxx
68 -rw-r--r-- 1 9020 9020 5724023 Jan 12 11:39 xxx
and this are the entry in sincedb:
cat sincedb_radius
59588 0 38 2803185
62 0 38 943179542
63 0 38 13794083
59388 0 38 6430170
67 0 38 53403893
68 0 38 71493672
59588 0 37 186145026
62 0 37 1714653
63 0 37 26848003
59388 0 37 38475099
67 0 37 55367109
68 0 37 170214
it is normal?
I'm experiencing latency in file reading and not all the events are sended to elastic
Best Regards
Alessandro