Hi,
In my project, i have a requirement where we download logs from the devices on an hourly basis, unzip and push to elastic search. After every download, we are replacing the existing files. is file beat keep track of the last pushed pointer if the file got replaced? How do we achieve this with filebeat? Thanks for your help in advance!
Thx!
Filebeat tracks files based on node (at least on Linux), which means that as long as you append to an existing file it keeps track of what has been processed. If you however replace the file, it will appear as a new file and be parsed from the beginning.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.