Journalbeat 6.7 repeats old log records after rotation

rajatrj16 · August 23, 2019, 6:31am

How did you solve this issue I am facing this issue right now,
I am taking logs from journalctl and giving input in logstash, then logstash sent it to kibana.

The last log from journalbeat-7.2 is repeating continuously in kibana, but there is only one entry of that log in journalctl.

journalbeat.inputs:
- paths: ["/var/log/journal/ec2a64c31fceb7b6eee4bd5"]
  seek: cursor
  include_matches:
      - "syslog.identifier=XXXXXXX"
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
output.logstash:
        hosts: ["xxx.xxx.xxx.xx:XXXX"]
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~

Topic		Replies	Views
Journalbeat 7.2 repeating last log in an infinite loop Beats journalbeat	2	734	November 4, 2022
Beat Stops Sending Events When Journal Rotates Beats journalbeat	2	822	November 4, 2022
Fixing late logs into elastic Logstash	7	230	February 9, 2023
Duplicated documents when log file is rotated while ELK is down Beats filebeat	1	295	April 27, 2020
Filebeat is losing events due to file rotate Beats filebeat	5	2484	July 1, 2016

Journalbeat 6.7 repeats old log records after rotation

Related topics