Is it possible to read only new / changed log files which come after filebeat start?

elasticheart · June 29, 2018, 6:19am

Hi,

I am using ELK GA 6.3.0. I am using Filebeat to read log files from multiple servers and publish them to my Kafka cluster. My log folders already has really huge log files which collectively contains trillions of log entries. There is no issues with Filebeat publishing them to my Kafka topic, but I am facing some difficulties elsewhere. I would like to know if it is possible to parse only new files using filebeat? I mean, Filebeat may publish log entries, which comes after Filebeat start. Is this possible?

Thank you.

elasticheart · June 29, 2018, 6:28am

I have found ignore_older option useful.

system · July 27, 2018, 6:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat collects logs prior to deployment of ELK Beats filebeat	13	1389	September 18, 2018
Can't configure filebeat to only send new added log content Beats filebeat	2	354	November 20, 2019
Parse the past - How to manage my log files Beats filebeat	3	731	April 13, 2017
Grabbing logs no older than X from randomly created logs Beats filebeat	1	653	October 13, 2016
If filebeat will start and kafka/logstash stop Beats filebeat	2	277	June 25, 2018

Is it possible to read only new / changed log files which come after filebeat start?

Related topics