Hi,
Is it possible to create hourly log files?
output {
if [type] == "netflow" {
file {
path => "/home/test/Desktop/test/netflow-%{+YYYY-MM-dd-HH}.gz"
gzip => true
}
}
}Creates a properly timestamped file when I start logstash but doesn't create a new file every hour.
Logstash won't create a file if there isn't new data, or if the @timestamp field has older data. It doesn't just say, "oh, the hour has rolled over, I should create a new file." It writes events out, as they are received by the file output plugin, to a file whose name is partially derived from the date value in the @timestamp field in this case.
I can't see if you're using the date filter to parse timestamps, but that can affect things, as the %{+YYYY-MM-dd-HH} string reads those values from @timestamp.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.