I want filebeat to harvest logs that have a date between 9/14/2018 @ 12:00:00 to 9/17/2018 @ 18:00:00 and I'm not sure how to do that ?
Hi @mgreco2k
You could use the range condition if you previously convert the dates to and integer or float value https://www.elastic.co/guide/en/beats/filebeat/master/defining-processors.html#conditions
Mario the time that I'm talking about is the time on the file itself ... the messages in the file have no timestamps on them ... and they are all files created between 9/14/2018 @ 12:00:00 to 9/17/2018 @ 18:00:00
I'm sure elastic has had customers that inadvertently blown away a day of an index in the past and needed that data resent to rebuild that days index ... how was that accomplished?
Ahm, I'm afraid that it's not currently possible. I can't think in any alternative right now
Thank you Mario ... I appreciate that cause I hunted to find an answer on this one. Do you know how to get this type of problem logged as a feature request for the future ?
Sure, just file us a request here https://github.com/elastic/beats/issues, link this thread and we'll examine it. I agree that it could be a nice addition.
We also encourage the community to contribute by solving their own issues. 
does this look good to you Mario ?
I figure you know more about submitting issues than I do ...
Thank you again for your kindness. I spent way too much time blaming myself for an answer on this one.
Sure, I've added a couple of tags already.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.