Filebeat Ingests K8S Older Logs

danielc · April 12, 2021, 9:21pm

Filebeat picks up older logs when there is an other application deployment and generates old indices like filebeat-2021.03.01 etc. (index: filebeat-%{+YYYY.MM.dd}
Filebeat misses some logs from the new pods unless I terminate Filebeat pods.

I think that the timestamp in filebeat-%{+YYYY.MM.dd} is from system rather than from the log file. Isn't it?

mtojek · April 13, 2021, 8:15am

Could you share some sample logs with us? I suspect that there might be a timestamp conversion problem.

system · May 11, 2021, 10:15am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Getting logs from pods via filebeat Beats filebeat	2	1168	October 26, 2018
How to check logs were sending to elasticsearch Beats filebeat	12	1415	May 20, 2022
Can't get logs from some pods Beats filebeat	1	1146	February 7, 2020
Filebeat not picking up /var/log/containers/*.log k8s Beats filebeat	1	813	October 29, 2020
Logs shown in Kibana are behind the current time Beats filebeat	2	359	March 21, 2019