Could anyone please help, as i have a logstash config file which need to pick log file when it is updated with new logs. once logstash is started it is working fine, but next day the log file is updated but the data is not indexed to elk.
file{
type => "AAM"
path => ["/usr/aam/R11.2.4/logs/marketing.log"]
start_position => "beginning"
sincedb_path => "/home/btuser/Elastic/logstash-7.13.3/data/amm_core"
mode => "tail"
}
Please help in this.
Many thanks!
Have you tried using filebeat instead?
You may have more success using it instead and then sending the data to a beats input in logstash.
Thank you for your idea.
Yes, working on file beat.
Facing issue when providing multiple paths in filebeat.yml.
this is format:
is it correct on Linux server?
Can you post the input of your config file?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.