How to understand "registry" file in filebeat


(luxiaoxun) #1

I know that "registry" is for "tracking files that filebeat is harvesting or is harvested", but for details, how to understand it.
Take following as example, what does "timestamp" and "ttl" mean ?
{
"source": "D:\aaaa\history\20181119.log",
"offset": 96657420,
"FileStateOS": {
"idxhi": 393216,
"idxlo": 7245,
"vol": 707258545
},
"timestamp": "2018-11-19T10:21:27.6784958+08:00",
"ttl": -1000000000,
"count": 88781,
"ignore": 0
}


(Pier-Hugues Pellerin) #2

Hello @luxiaoxun

I think the following would help.

Source: This is the path on disk for the file.
Offset: The last position read.
FileStateOS : This contains the information relative to inode and volume, we use that information to uniquely identify a file on disk, it help us track rename.
Timestamp: Record was last updated at.
TTL: Depenging on the user configuration, this will be used internally to know when to garbage collect the record and clean up some state.
count: number of updates for this specific record. (IIRC)


(luxiaoxun) #3

Thanks.