Log file tailing | Logstash Configuration

Joseph · January 31, 2017, 5:05am

Hi,

I have a local log file which is updated constantly. I have the following input filter in place:

file
{
path => ["/home/joseph/Desktop/audit.log"]
start_position => "beginning"
sincedb_path => "/dev/null"
exclude => "*.gz"
}

However, since I set the start_position to beginning, the entire file is read each time the file is updated. Is it possible for me to configure logstash to only ship the new logs ( by tailing) to Elasticsearch?

warkolm · January 31, 2017, 6:12am

That is why

Joseph · January 31, 2017, 6:48am

My bad!

Thank you!

I assume it should work if I remove that line.

system · February 28, 2017, 6:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to ignore previous log files when using file input plugin? Logstash	5	2038	July 6, 2017
Updating config file Logstash	6	512	November 3, 2021
File input processing question Logstash	3	1077	July 6, 2017
How To Make File Input Read Entire File Every Time? Logstash	5	4824	July 6, 2017
Logstash + sincedb_path and start_position Logstash	2	14755	July 6, 2017

Log file tailing | Logstash Configuration

Related topics