Logstash - file input plugin with huge number of files

Chandan_PR · March 22, 2016, 1:10pm

Hi,

I need to dump logs from one of our application to elastic search.
The application generates a unique log file for each request. Once the request is completed, this log file will be never updated again. We generate around 1000 log files per minute during peak hours.

Planning to use file input with close_older set to 300 seconds.

Any flaws or drawbacks with this approach? Most of the examples talk about using file input with single file or less number of files considering roll over.

Regards,
Chandan

ebuildy · March 22, 2016, 3:06pm

I think you will run out of file descriptors quite fast.

magnusbaeck · March 22, 2016, 6:08pm

If you set close_older and ignore_older to something sufficiently short you should be okay, I think.

Chandan_PR · March 23, 2016, 1:34pm

Thanks for the reply guys. Will try with close_order and ignore_older set to short value. Will update once I have results.

Topic		Replies	Views
Read mode input plugin and sincedb Logstash	1	383	March 24, 2020
Logstash file input very slow with lots of files Logstash	1	592	June 17, 2020
Clarification needed on File filter Logstash	2	245	October 23, 2019
How to get the ouput Logstash	5	681	July 6, 2017
Logstash and open files question Logstash	3	507	April 5, 2018

Logstash - file input plugin with huge number of files

Related topics