Journalbeat 7.2 repeating last log in an infinite loop

rajatrj16 · August 23, 2019, 11:46am

Hello,

I am taking logs from journalctl and giving input in logstash, then logstash sent it to kibana.

The main concern is the last log is repeating in an infinite loop and journalbeat-7.2 is publishing event in about some seconds.

I will be able to see my last log in journalctl -t <syslog.identifier> --recursive (latest) have a single entry that is repeating again and again.

  $  journalctl -t XXXXXX --reverse 
    -- Logs begin at Wed 2019-04-17 12:56:46 UTC, end at Fri 2019-08-23 11:41:01 UTC. --

    Aug 23 10:42:56 APPLICATION XXXXXXX [29452]: username:XXXX.XXXXX|userId:39|ip:XXXXXX|user_agent:XXXX.6.1 (Windows NT X.XX; WOW64

journalbeat.inputs:
- paths: ["/var/log/journal/ec2fchrdeb7e4bd5"]
  seek: cursor
  cursor_seek_fallback: head

  include_matches:
      - "syslog.identifier=XXXXXXX"
setup.template.settings:
  index.number_of_shards: 1
setup.kibana:
output.logstash:
        hosts: ["xxx.xxx.xxx.xx:XXXX"]
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - drop_event:
        when:
             equals:
                  process.name: "journalbeat"

rajatrj16 · August 26, 2019, 2:03pm

After some digging, I upgraded to 7.3.0 and it fixed my issue , I guess version 6.8.0 and 7.2.0 was broken somewhere.

but with the latest update, it fixed.

Topic		Replies	Views
Journalbeat 6.7 repeats old log records after rotation Beats journalbeat	5	1117	November 4, 2022
Last line of log repeatedly gets indexed/processed to elastic/kibana Logstash	1	229	August 20, 2020
Infinite Loop Of Logs Logstash	1	1134	July 6, 2017
Filebeat Suddenly duplicating events more than 4 entries per log Beats filebeat	1	333	August 1, 2020
Logstash keeps regenerating last event Logstash	1	234	May 19, 2020

Journalbeat 7.2 repeating last log in an infinite loop

Related topics