Hi,
I ran logstash to collect log file from azure storage.
I noticed logstash will start to collect log every hour?
Is it true? Could you please tell me how to shorten it?
Regards,
Zhong
Which input plugin are you using? What does its configuration look like?
I am using logstash-input-azureblob
the config is
input {
azureblob {
storage_account_name => "xxxx"
storage_access_key => "xxxxxxx"
container => "test1"
}
}
filter {
grok {
match => ["message", "%{TIMESTAMP_ISO8601:log_timestamp} %{WORD:iisSite} %{WORD:method} %{URIPATH:page} %{NOTSPACE:querystring} %{NUMBER:port} %{NOTSPACE:username} %{IPORHOST:clienthost} %{NOTSPACE:useragent} %{NOTSPACE:cookie} - %{NOTSPACE:referer} %{NUMBER:scstatus} %{NUMBER:sc-substatus} %{NUMBER:sc-win32-status} %{NUMBER:sc-bytes:int} %{NUMBER:cs-bytes:int} %{NUMBER:timetaken:int}"]
}
}
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
Question 1:
My new log file will be created every hour on storage.
I only can see logstash work at that time, and collect few data.
As a result. I only can collect the log that occured at such as from 10:00:00 to 10:01:00.
Question 2:
If I want to recollect today's log. How should I do?
Regards,
Zhong
Sorry, I'm not familiar with that plugin.
If I want to collect data from azure storage, could you give me any advice?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.