I want to gather logs from a specific location. As the log's name changes each day, I would like to insert a timestamp in the log file name. By doing so, each new day, the correct log name will be parsed by filebeat.
Well, the directory is full of old logs. And when I use a regex that can match any character, like [0-9]{8}01[0-9]{6}, filebeat will go through all old logs and send their data to Kafka and so on to Elastic (as old logs are not being zipped).
So, to avoid that, and to avoid a workaround solution which would be to delete all old logs so it can start with the current active log, I am asking: is it possible to use a timestamp in the log name?
Also, another thing is that when logs get deleted from the Kafka topic after 7 days of retention, filebeat will instantly parse those old logs again and send them again to Kafka.
And when logs get deleted from the index in Elastic after some retention period, Kafka would also send those old logs again to Elastic. That will repeat constantly unless we set up some cron job that will delete logs on the server. But all of this is not a proper solution.
And in my opinion, the best would be the timestamp in the log file name. Is that possible, and if so, do you have a suggestion?