Json filter and .sincedb

I am seeing an issue in LS various versions including 2.2 / 2.3.4 and 2.4.1 where if I use the json filter the .sincedb is either not generated or is not observed.

This makes getting LS to start processing my file from the beginning (troubleshooting and dev mode) very difficult. If I remove the json filter the behavior returns to normal and the file is then read from the beginning as per my "file" settings:

input {
	file {
		path  => "C:/ELK/mydata/test.log"
		start_position => "beginning"
		sincedb_path => "C:/ELK/mydata/.sincedb"
		sincedb_write_interval => 2
		ignore_older => 0

Is this a known issue? Would greatly appreciate any assistance or suggestions.


this is not a known issue, can you post/attach the log file when running with --log.level=debug?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.