Logstash - file input plugin with huge number of files

Chandan_PR · March 22, 2016, 1:10pm

Hi,

I need to dump logs from one of our application to elastic search.
The application generates a unique log file for each request. Once the request is completed, this log file will be never updated again. We generate around 1000 log files per minute during peak hours.

Planning to use file input with close_older set to 300 seconds.

Any flaws or drawbacks with this approach? Most of the examples talk about using file input with single file or less number of files considering roll over.

Regards,
Chandan

ebuildy · March 22, 2016, 3:06pm

I think you will run out of file descriptors quite fast.

magnusbaeck · March 22, 2016, 6:08pm

If you set close_older and ignore_older to something sufficiently short you should be okay, I think.

Chandan_PR · March 23, 2016, 1:34pm

Thanks for the reply guys. Will try with close_order and ignore_older set to short value. Will update once I have results.

Topic		Replies	Views
Read mode input plugin and sincedb Logstash	1	382	March 24, 2020
Logstash file input very slow with lots of files Logstash	1	591	June 17, 2020
Clarification needed on File filter Logstash	2	245	October 23, 2019
File Input from directory with 100K files Logstash	5	281	December 2, 2020
Logstash close_older in tail mode Logstash	8	536	March 31, 2023

Logstash - file input plugin with huge number of files

Related Topics