We have mapped the log path in filebeat.yml, then Logstash created a new index with the given format, and it is running successfully every day. We are using the syntax below to publish with Filebeat manually to upload logs, even though we use
sudo service logstash/elasticsearch/filebeat start/restart as well.
filebeat -e -c /etc/filebeat/filebeat.yml -d "publish"
My queries are below:
- Is this the right way to use the above syntax, or is there an alternative process to automate Filebeat once the logs are placed, rather than using the publish command above?
- How do I determine when all log uploads have completed, meaning that the Filebeat harvester is inactive, so that I can identify this and stop the Filebeat service? The respective services run the full day and consume memory, so I would like to stop Filebeat once all logs are uploaded and it seems idle. We may restart the Filebeat service the next day, when logs will be placed in the mapped folder. I have tried /var/log/filebeat > filebeat.log but found no clue to grep for the status to stop the service. Please correct me or suggest if I am wrong, as I am new to ELK.
- I am unable to see the cluster health document size for some time while the Logstash upload is in progress.