File Discovery in Logstash

thorsten1 · May 15, 2017, 11:11am

Hello,

my Logstash Server has an Upload-Directory where other Users can upload their Log-Files.
Logstash is configured to listen to all files in this directory.

  input {
       file {
        path => "/opt/logupload/*.log"
        start_position => "beginning"
        stat_interval => 5
        codec => ...
        }
      }

When I have uploaded a new file, nothing happen's in Logstash. But when I stop my Logstash-Service it begin to parse the file.

Do you have an idea, why the parsing only starts when the service will be stopped?

thorsten1 · May 19, 2017, 8:37am

Did I use the wrong Plugin?

Nico-DF · May 19, 2017, 8:52am

It used to happend to me when I used multiline plugin. It waits until the end match, but when you stop it, it will push the event regardless of the end matched or not.

Do you have any aggregation or multiline that might cause this?

thorsten1 · May 19, 2017, 9:24am

Yes I use multiline codec in this way:

   codec => multiline {
     pattern => "^%{MONTH}%{SPACE}%{MONTHDAY}|^%{HOUR}:%{MINUTE}:%{SECOND}"
     negate => true
     what => previous
   }
   ...

system · June 16, 2017, 9:24am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Alternative to File Input Logstash	3	465	March 18, 2018
Logstash multiline codec ignores last line of log file Logstash	1	226	September 10, 2021
Logstash sends last event only on shutdown Logstash	6	1262	July 6, 2017
Logstash multiline pattern Logstash	4	397	February 1, 2021
Logstash only ingesting data when shutdown/closing files Logstash	6	321	October 17, 2019

File Discovery in Logstash

Related topics