I'm stuck with getting the fingerprint file_identity working. I have a few nfs mounts from which I'm reading log files. I tried enabling the fingerprint option in the scanner but it seems like it's not really being applied. I'm suspecting this cause when I run filebeat then unmount a share and remount it's again reading the log from the very beginning. I would expect it to identify it by the hash it generates from the first 0-1024 bytes correct? Is there any way to see if fingerprint is enabled and running within the filebeat logs?
Sorry I did have that line already in my config just forgot to add it above. With that option set it's still reading the log from the beginning everytime I remount the share.
Ok after reinstalling filebeat on my hosts I now can see registry entries in /var/lib/filebeat/registry/filebeat/log.json. It seems to do the fingerprint and also store the offset. However when I umount and mount the share, it's still reading the log from the beginning. What am I missing here? The fingerprint seems to stay the same. Below are some line from the above log.json file.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.