Interpreting sincedb file

nages · April 20, 2020, 7:47am

I am seeing the following content in sincedb file

2934664528-52087-851968 0 0 11742951 1586411789.669 C:/demo/logs

From the documentation i can see that this is represent with 5 parameters
https://www.elastic.co/guide/en/logstash/6.8/plugins-inputs-file.html
Last one bing the path of the file
First one being inode number .

The numbers seems to be very cryptic, is there any way to derive some meanuiful information out of this - like
1586411789.669 - what dates it represents , i know it is last active timestamp
2934664528-52087-851968 - what about this ?

Badger · April 20, 2020, 3:38pm

That is Thursday, April 9, 2020 5:56:29.669 AM. If you Google UNIX epoch conversion you should find a number of sites that will do the conversion for you.

For the "inode" I would have to refer you to the code. Generally it is the volume serial, and the high and low parts of the file index.

system · May 18, 2020, 3:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Sincedb file in windows Logstash	2	1818	July 6, 2017
Sincedb data logic Logstash	3	446	December 29, 2017
File input: sincedb general questions Logstash	7	3379	July 6, 2017
How does sincedb_clean_after in file{} work? Logstash	3	1690	January 18, 2019
Double entry in sincedb Logstash	1	272	February 9, 2017

Interpreting sincedb file

Related topics