File Discovery in Logstash

thorsten1 · May 15, 2017, 11:11am

Hello,

my Logstash Server has an Upload-Directory where other Users can upload their Log-Files.
Logstash is configured to listen to all files in this directory.

  input {
       file {
        path => "/opt/logupload/*.log"
        start_position => "beginning"
        stat_interval => 5
        codec => ...
        }
      }

When I have uploaded a new file, nothing happen's in Logstash. But when I stop my Logstash-Service it begin to parse the file.

Do you have an idea, why the parsing only starts when the service will be stopped?

thorsten1 · May 19, 2017, 8:37am

Did I use the wrong Plugin?

Nico-DF · May 19, 2017, 8:52am

It used to happend to me when I used multiline plugin. It waits until the end match, but when you stop it, it will push the event regardless of the end matched or not.

Do you have any aggregation or multiline that might cause this?

thorsten1 · May 19, 2017, 9:24am

Yes I use multiline codec in this way:

   codec => multiline {
     pattern => "^%{MONTH}%{SPACE}%{MONTHDAY}|^%{HOUR}:%{MINUTE}:%{SECOND}"
     negate => true
     what => previous
   }
   ...

system · June 16, 2017, 9:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.