Filebeats open files issues

novice · February 5, 2016, 8:24am

I am using filebeats on my elk stack (recently migrated from logstash-forwarder). Filebeats doesn't releases the deleted log files which is a major concern for us.
I have used the following config, still it holds up the deleted files.

filebeat:
  prospectors:
    -
      paths
        - /var/log/syslog

      input_type: log

      fields:
         environment: 
         app: 
         app_ip: 

      ignore_older: 1h
      force_close_files: true

  registry_file: /var/lib/filebeat/registry
output:

  logstash:
    hosts: [":5043"]


    tls:
      # List of root certificates for HTTPS server verifications
      certificate_authorities: ["/etc/pki/tls/certs/logstash-forwarder.crt"]
shipper:
logging:

    rotateeverybytes: 10485760 # = 10MB

ruflin · February 29, 2016, 8:23am

@novice Sorry for the late reply. Which version of filebeat are you using? Which is your OS?

Topic		Replies	Views
Filebeat holding deleted files which consumes disk space Beats filebeat	6	6091	June 27, 2017
Filebeat not closing deleted files redux Beats filebeat	10	2152	October 10, 2016
Filebeat only sends logs on service restart Beats filebeat	2	860	July 5, 2017
Filebeats not rescanning if Elasticsearch index deleted Beats	4	2294	July 5, 2017
Filebeat not sending new logs to ELK server untill restart Beats filebeat	13	3849	September 29, 2016

Filebeats open files issues

Related topics