Hi Team,
How can i maintain the sequence of log data while parsing it in logstash?
My log data has a timestamp filed and some log lines have same timestamp, now while displaying data in kibana it is not coming in the order it occurs in the log file.
Thanks
Documents stored in ES have no order. You need one or more fields to sort on. If the timestamp isn't precise enough perhaps you can use some other sequence number, like the offset in the file from which the log line was read.
How can i get offset in the file?
I am not using filebeat, I am taking input from the file input plugin.
Thanks
Hmm, I thought the file input also provided the offset in a field. If it doesn't the easiest option would be to switch to Filebeat for your file inputs.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.