Filebeat not scanning after input of ignore_older

Hi there

On my company we have a server that has a huge amount of logs because of a lot of scheduled jobs and a few memory. So when filebeat turns up to collect em it takes all RAM to do so.

So the idea i had is to scan only the recent files on it. Then i put on filebeat.yml ignore_older: 15m and scan_frequency: 1m

Since that, the amount of logs collected by filebeat went from 12.000 to 0

It does not scan anything. And the logs are updated every 10 mins!

I changed the ignore_older: 2h same thing

The files to scan are huge so the filebeat.yml is configured like this for input type:
/opt/.../exploit/logs/job_*/ *.log

What did I missed? is the fact that are several folders and it only check folder modification?

Does that ignore_older option ignores new created log files?

Hi @Kwiskas and welcome to discuss :slight_smile:

ignore_older shouldn't ignore new created files. Could you share your complete configuration?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.