Hi,
I need your help.
I have in trouble with dealing with filebeat.
Until now, I created new log files every day like
/home/haley/2017-01/01/session.log
/home/haley/2017-01/02/session.log
/home/haley/2017-01/03/session.log
...
and filebeat monitored it like this
paths:
- /home/haley///session.log
encoding: UTF-8
input_type: log
document_type: "XXXXX"
scan_frequency: 300s
because this way makes filebeat to monitor too much files and registry file bigger, I started to rotate log file. 1 time per 1 day like below. so
(batch such as)
cat /dev/null > /home/haley/session.log
cat /home/haley/2017-03/08/session.log > /home/haley/session.log
and changing path like
paths:
- /home/haley/session.log
encoding: UTF-8
input_type: log
document_type: "XXXXX"
scan_frequency: 300s
so basically, /home/haley/session.log 's inode doesn't change.
I thought filebeat will update new content in log file to KIBANA but it didn't work.
-
I found that if I modify /home/haley/session.log by vi command, then inode is changed then filebeat updates new content in log file to KIBANA right away.
-
I found that if I delete .filebeat (registry file) and restart filebeat, then filebeat writes registry file again and update whole /home/haley/session.log so entries are duplicated..
I just want filebeat to monitor only 1 log file(same inode) and
I just want filebeat to update new content in this log file to KIBANA.
Do you know how to solve this problem? or is it a bug?
my filebeat version is filebeat version 1.2.2 (amd64)