Hi Elastic community.
Hope every one is doing well.
I really need your help, I couldn't understand how the ignore_older works in filebeat.
i will explain my doubt , below is the line of command how i kept in Filebeat.yml file,
scan_frequency: 10s
ignore_older: 24h
close_inactive: 72h
compression_level: 0
close_renamed: true
close_removed: true
clean_removed: true
my filebeat ,logstash and elastic search are up and running fine.
now i will down the filebeat and will keep the ignore command and run the services
If i keep below 24hrs file in input then it is passing to logstash and loading in elastic.
If i keep above 24hrs file i,e daybefore yesterday and yesterday file then it is also loading fine in elastic.
How it is possible if i kept ignore_older: 24h then is should ignore 24hrs above file it is not ignoring. Please explain me how it works.
If there is any alternate approach to ignore the old files please guide me.
Thanks in advance.
Hi All,
Can any one help me in this.
Hi @amjad,
I do not exactly understand your explanation of what you are doing. What comes to my mind is that the ignore_older works on the timestamp of files. Can you show more of your setup and include the timestamps of the logfiles you are reading with filebeat?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.