Hi, I have a log file that need to be sent to logstash using filebeat. My log file of size ~500 MB. Whenever a new event is added to the log file, filebeat is sending the whole log file to logstash. I am interested in only sending the new events to the logstash. I

I followed the instructions in this topic. [image] Logstash sending the complete file when new data is added to the log file Logstash Hi, Given the log file (apache.log) as input to Logstash, after applying some filter the output data is stored in Elasticsearch. Here, wh…

How to send only the newly added log events instead of the entire content of a log file?

Elastic Stack Beats

Sharath_Vutpala (Sharath Vutpala) March 21, 2017, 11:31am 13

I followed the instructions in this topic.

As mentioned in the above topic, when we use echo to add a line to the log file, the problem is solved. When vi editor is used, the whole file is being shipped to the Elasticsearch.

Use echo to add lines to the log file. That solves the issue.