is there a way I can only get modified timestamp of a file and sent out via filebeat?
What I need is from dir like this "/dir1/dir*/*.log" send modification time of this log file every few min to kafka.
multiple dir will be will be deleted and created at dir* location.
You could use the auditd package on Linux to "watch" that location and combine it with the auditd module to actually ingest the data into elasticsearch.
Another option is to use auditbeat with the fim module
Thank you that is what I was looking for. I just run simple test by installing and running it. it works. But it also picks up many other dir. It may be just configuration thing which I will figure out.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.