I have to use wildcards in the PATH section since my log files might be in many different locations.
filebeat.inputs:
- type: log
  paths:
    - /folder1/*/*/*/folder2/**/*.log
After a Filebeat service restart, it takes hours to send logs to Elastic. I tried adding
ignore_older: 10m
clean_inactive: 5h
but it didn't help much.
Syslog shows this every 30 seconds:
Non-zero metrics in the last 30s
and only after several hours does it start harvesting.
I deleted the registry folder so it would start from scratch.
Content of the registry folder during that time:
sudo ls -lh /var/lib/filebeat/registry/filebeat
total 4.0K
-rw------- 1 root root 0 Nov 29 13:19 log.json
-rw------- 1 root root 15 Nov 29 13:19 meta.json