Interpreting sincedb file

nages · April 20, 2020, 7:47am

I am seeing the following content in sincedb file

2934664528-52087-851968 0 0 11742951 1586411789.669 C:/demo/logs

From the documentation i can see that this is represent with 5 parameters
https://www.elastic.co/guide/en/logstash/6.8/plugins-inputs-file.html
Last one bing the path of the file
First one being inode number .

The numbers seems to be very cryptic, is there any way to derive some meanuiful information out of this - like
1586411789.669 - what dates it represents , i know it is last active timestamp
2934664528-52087-851968 - what about this ?

Badger · April 20, 2020, 3:38pm

That is Thursday, April 9, 2020 5:56:29.669 AM. If you Google UNIX epoch conversion you should find a number of sites that will do the conversion for you.

For the "inode" I would have to refer you to the code. Generally it is the volume serial, and the high and low parts of the file index.

system · May 18, 2020, 3:38pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.