Ingesting .gz files in elastic

hsalim · May 11, 2020, 12:54am

Hello,
I know this topic has been discussed in the past, but I am unable to find any new information. So asking again to see if anyone can offer an update.

Is there a way to ingest .gz files in elastic without unzipping first?

Thanks,
Hamid

warkolm · May 11, 2020, 1:03am

You will still need to decompress them

hsalim · May 11, 2020, 1:16am

Thanks.

Then what does 'read' mode in file input plugin accomplish?

https://www.elastic.co/guide/en/logstash/current/plugins-inputs-file.html#_read_mode

warkolm · May 11, 2020, 1:18am

In this mode the plugin treats each file as if it is content complete, that is, a finite stream of lines and now EOF is significant.

Basically it means that it'll treat the file as if there will be no new data coming into it.

hsalim · May 11, 2020, 1:27am

So best to unzip prior to ingestion by logstash seems to be the right approach?

warkolm · May 11, 2020, 1:29am

You can use this to read the zipped files in - https://www.elastic.co/guide/en/logstash/current/plugins-codecs-gzip_lines.html

hsalim · May 11, 2020, 1:33am

Thank you. not sure how to explain why the following works then?

input {
file {
id => "xyz"
path => "/opt/dir1/dir2/local/*.gz"
mode => "read"
sincedb_path => "/dev/null"
}
}

system · June 8, 2020, 1:33am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash - .gz files - Error: Unexpected end of ZLIB input stream Logstash elastic-stack-monitoring	3	1353	June 16, 2022
Trying to ingest gzipped csv logs Logstash	4	2004	July 6, 2017
Gz file handling by interaction as XML files Logstash	7	451	December 2, 2021
Reading gzipped files and shutting down Logstash once done Logstash	2	285	May 29, 2019
Using Logstash 5.5 for reading .gz files Logstash	4	4586	September 23, 2017

Ingesting .gz files in elastic

Related topics