Hello,
I have an application which does log rotation. The files are written in EventLogFile.0 which gets rolled over to EventLogFile.1, once new logs starts getting written to EventLogFile.0. The rollover happens till 4 files as shown below
EventLogFile.0 -> EventLogFile.1
EventLogFile.1 -> EventLogFile.2
EventLogFile.2 -> EventLogFile.3
The most recent logs will be in EventLogFile.0 whereas the most old logs will be in EventLogFile.3.
In my solution, I pick up files using Filebeat and then pass it onto Logstash for parsing and then ingest to Elasticsearch.
How does filebeat handle log rotation? Any specific setting needs to go into Filebeat/logstash?
Thanks
Ankita