Hi,
I am using FileBeat 1.2.2 and would like to confirm my understanding with the usage of ignore_older.
The Setup:
FileBeat is configured with ignore_older of 1h, and it is harvesting /var/log/apache.log. FileBeat was shutdown at 05:00 while apache.log still being updated. Apache was shutdown at 05:10 so there are 10 minutes worth of new log events. FileBeat then start up again at 09:00.
My understanding:
With reference to this thread, is my understanding correct that when FileBeat is up at 09:00, it will process apache.log log events between 05:00 and 05:10?
If I wanted FileBeat to ignore apache.log upon start up, I will need to manually modify the registry file to remove the apache.log registry entry. Is this correct?
Thank you!