I am working on the filebeat 1.1.1. The following is the snippet of the configuation file. I assume the filebeat reads from the end of the log files as the 'tail_files' is true. But it seems the filebeat doesn't work as I thought. Any idea of this?
filebeat: prospectors: - paths: - "/var/log/nginx/*access.log" document_type: "nginx_access" exclude_files: [".tar$",".tgz$",".gz$",".bz2$",".zip$"] tail_files: true force_close_files: true