ELK creates lots of hidden files

Hello everybody,

I've just installed logstash, elasticsearch and kibana. The issue is that I've found lots of hidden files with this format:

.1015766.51411.253032
.200184.53366.432265

I've found them in several directories and the number of them is increasing.

Please, do you know how I can control those files so that they are stored in a particular directory?
Who creates them? I'm not sure if it's logstash or elasticsearch.

Are there any best practices for that?

Thanks so much!

Hi,

What version of the Elasticstack is being run here? Please share the directories under which you have found said hidden files. What OS is this currently running on?

Hi JKhondhu,

I'm using 5.4.2 version of Elasticsearch under Debian 8.8. The directories under which I've found those hidden files are /etc/logstash/conf.d/ (where I've got the config file for logstash) and /var/log, where I've got the log file I pass to logstash.

Thanks!

Hi,

Please share your logstash.yml

Right now I am going with https://www.elastic.co/guide/en/logstash/current/persistent-queues.html#persistent-queues - "you can enable persistent queues to buffer events on disk"

This is Logstash.yml content:

path.data: /var/lib/logstash
path.config: /etc/logstash/conf.d
path.logs: /var/log/logstash

Hi,

Well, I've just figured out this weird issue. The thing was that in logstash.conf I had the "sincedb_path" param set this way:

sincedb_path => ""

This was the only way I found to force logstash to parse from the beginning of the document for each execution because start_position => "beginning" didn't work for me.

So, due to sincedb_path, logstash creates a file for each execution.

Thanks for your help!
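
A check for the situation resolved in this thread, as an added example that is not part of the original posts: it flags pipeline files that set sincedb_path to an empty string and lists hidden files named like the two quoted in the first post. The function names, the filename pattern (derived only from those two names) and the use of GNU/BSD find and grep options are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a Logstash host for the empty
# sincedb_path setting and for hidden files named like the ones reported.

# Print pipeline files under $1 that set sincedb_path to "" or ''.
# Lines starting with '#' are comments and do not match.
find_empty_sincedb() {
    grep -rlE "^[[:space:]]*sincedb_path[[:space:]]*=>[[:space:]]*(\"\"|'')" \
        "$1" 2>/dev/null | sort
}

# Print files directly inside the given directories whose names are
# .<digits>.<digits>.<digits> (assumed pattern, from the two quoted names).
find_stray_files() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        # -maxdepth is a GNU/BSD find option, not POSIX
        find "$dir" -maxdepth 1 -type f -name '.[0-9]*' 2>/dev/null
    done | grep -E '/\.[0-9]+\.[0-9]+\.[0-9]+$' | sort
}

# Usage: sh audit.sh CONF_DIR [DIR_TO_SCAN ...]
if [ "$#" -gt 0 ]; then
    echo "Pipeline files with an empty sincedb_path:"
    find_empty_sincedb "$1"
    echo "Hidden files matching .<n>.<n>.<n>:"
    find_stray_files "$@"
fi
```

Setting sincedb_path to an explicit writable file keeps the position data in one known location.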
