We use the following configuration to upload the log entries in all log files to Elasticsearch. The OS is Windows 10. We are using Elasticsearch to identify patterns in the log files after the log data upload by Logstash has completed, without manual intervention (automated). Our application will upload data with the command "logstash.bat -f log.conf" and then search the log entries. So our application needs to know when all log entries in all log files have been uploaded by Logstash. Is there a mechanism to detect log upload completion by Logstash from our application?

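input {
  file {
    # Read every .log file one directory level below Logs
    path => "D:/ELK/yyy/Logs/*/*.log"
    type => "connect300"
    start_position => "beginning"
    add_field => { "component" => "manux"}
    # NUL (Windows null device): the read position is not persisted,
    # so all files are read from the beginning on every run
    sincedb_path => "NUL"
  }
}
filter {
  if [type] == "connect300" {
    # Split each line into LineNumber, logdate, level, ThreadID, Module and Message
    grok {
      match => { "message" => "\[%{NUMBER:LineNumber}]\[(?<logdate>%{MONTHNUM}/%{MONTHDAY}/%{YEAR} %{TIME})\]-%{GREEDYDATA:level}-\[ThreadId = %{NUMBER:ThreadID}, %{GREEDYDATA:Module}]-%{GREEDYDATA:Message}\r" }
    }
    # Use the timestamp from the log line as the event's @timestamp
    date {
      match => [ "logdate", "MM/dd/yyyy HH:mm:ss:SSS" ]
      target => "@timestamp"
    }
  }
}
output {
  elasticsearch {
    hosts => ["http://10.1.151.31:9200"]
    index => "connect300"
  }
  # Also print each event to the console
  stdout { codec => rubydebug }
}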