Log file tailing | Logstash Configuration

Elastic Stack Logstash
1

Hi,

I have a local log file which is updated constantly. I have the following input filter in place:

file
{
path => ["/home/joseph/Desktop/audit.log"]
start_position => "beginning"
sincedb_path => "/dev/null"
exclude => "*.gz"
}

However, since I set the start_position to beginning, the entire file is read each time the file is updated. Is it possible for me to configure logstash to only ship the new logs ( by tailing) to Elasticsearch?

2

That is why :slight_smile:

3

My bad!

Thank you!

I assume it should work if I remove that line. :slight_smile:

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.