I have a log file. It named access.log
Each 30min new lines appears in this file from remote server (by synchronization).
My filebeat config
filebeat.inputs:
- type: filestream
scan_frequency: 10s
paths:
- /srv/logs/preprod/nginx/access.log
output.logstash:
hosts: ["logstash:5044"]
logging.level: info
logging.to_files: true
logging.files:
path: /var/log/filebeat
name: filebeat
keepfiles: 7
permissions: 0777
Filebeat works from docker container
filebeat:
image: docker.elastic.co/beats/filebeat:7.10.1
user: root
volumes:
- /srv/inc/data/filebeat/data:/usr/share/filebeat/data
- ./filebeat/configs/filebeat.yml:/usr/share/filebeat/filebeat.yml
- /srv/logs/preprod/nginx/access.log:/srv/logs/preprod/nginx/access.log
- /var/log/filebeat:/var/log/filebeat
command: ["--strict.perms=false"]
deploy:
mode: global
I can get new lines of log in elasticsearch only after restarting filebeat container.
How can i get new lines without restarting?
Logs from Filebeat
2021-08-12T06:47:02.707Z INFO [file_watcher] filestream/fswatch.go:131 Start next scan
2021-08-12T06:47:12.707Z INFO [file_watcher] filestream/fswatch.go:131 Start next scan
2021-08-12T06:47:22.707Z INFO [file_watcher] filestream/fswatch.go:131 Start next scan
2021-08-12T06:47:32.707Z INFO [file_watcher] filestream/fswatch.go:131 Start next scan
and nothing else