Hourly log rotation?

Sjaak01 · November 9, 2017, 4:09am

Hi,

Is it possible to create hourly log files?

output {
 if [type] == "netflow" {
 file {
   path => "/home/test/Desktop/test/netflow-%{+YYYY-MM-dd-HH}.gz"
   gzip => true
 }
}
}

Creates a properly timestamped file when I start logstash but doesn't create a new file every hour.

theuntergeek · November 10, 2017, 3:33pm

Logstash won't create a file if there isn't new data, or if the @timestamp field has older data. It doesn't just say, "oh, the hour has rolled over, I should create a new file." It writes events out, as they are received by the file output plugin, to a file whose name is partially derived from the date value in the @timestamp field in this case.

I can't see if you're using the date filter to parse timestamps, but that can affect things, as the %{+YYYY-MM-dd-HH} string reads those values from @timestamp.

system · December 8, 2017, 3:34pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Output File Rotate Logstash	10	9233	March 28, 2017
Output file to create based on timestamp Logstash	2	1332	November 1, 2018
File output plugin's file rotation based on size or say after every 4 hours Logstash	2	1760	March 13, 2018
Output file plugin not creating timestamped file Logstash	3	265	July 16, 2019
Logstash-output-file-as time based Logstash	4	1914	May 16, 2018

Hourly log rotation?

Related Topics