How can i maintain the sequence of log data while parsing it in logstash?

richagautam · September 24, 2018, 6:44am

Hi Team,
How can i maintain the sequence of log data while parsing it in logstash?

My log data has a timestamp filed and some log lines have same timestamp, now while displaying data in kibana it is not coming in the order it occurs in the log file.

Thanks

magnusbaeck · September 26, 2018, 4:36am

Documents stored in ES have no order. You need one or more fields to sort on. If the timestamp isn't precise enough perhaps you can use some other sequence number, like the offset in the file from which the log line was read.

richagautam · September 26, 2018, 5:01am

How can i get offset in the file?
I am not using filebeat, I am taking input from the file input plugin.

Thanks

magnusbaeck · September 26, 2018, 6:29am

Hmm, I thought the file input also provided the offset in a field. If it doesn't the easiest option would be to switch to Filebeat for your file inputs.

system · October 24, 2018, 6:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to maintain the order of logs Logstash	9	7233	July 6, 2017
How to keep my entries ordered as in my file Logstash	1	245	June 21, 2018
How to identify/display set of sequence data In the log file Logstash	8	1143	March 21, 2018
Sorting identical timestamp of logs in kibana Kibana	1	167	December 9, 2022
File-input , how to add file offset as a new field Logstash	3	1425	August 14, 2017

How can i maintain the sequence of log data while parsing it in logstash?

Related topics