Interpreting sincedb file

nages · April 20, 2020, 7:47am

I am seeing the following content in sincedb file

2934664528-52087-851968 0 0 11742951 1586411789.669 C:/demo/logs

From the documentation i can see that this is represent with 5 parameters
https://www.elastic.co/guide/en/logstash/6.8/plugins-inputs-file.html
Last one bing the path of the file
First one being inode number .

The numbers seems to be very cryptic, is there any way to derive some meanuiful information out of this - like
1586411789.669 - what dates it represents , i know it is last active timestamp
2934664528-52087-851968 - what about this ?

Badger · April 20, 2020, 3:38pm

That is Thursday, April 9, 2020 5:56:29.669 AM. If you Google UNIX epoch conversion you should find a number of sites that will do the conversion for you.

For the "inode" I would have to refer you to the code. Generally it is the volume serial, and the high and low parts of the file index.

Topic		Replies	Views
Sincedbに書き込まれる内容について日本語による質問・議論はこちら	2	1177	April 10, 2020
Sincedb data logic Logstash	3	474	December 29, 2017
Sincedb file in windows Logstash	2	1849	July 6, 2017
Issue with logstash 8.17.4. Sincedb sometimes does not recognise the correct inode. After logstash restart it works Logstash	9	92	May 8, 2025
Double entry in sincedb Logstash	1	284	February 9, 2017

Interpreting sincedb file

Related topics