Logstash Forwarder forwarding multiple files, ends up jammed together in one single entry

Nww_Pot_Fung_Nng · June 2, 2016, 6:38am

Hi,

I have forwarder monitoring on multiple files.

"files": [
{
"paths": ["/tmp/file1*.log" ],"fields": { "server":"server1" }
}, {
"paths": ["/tmp/file2*.log" ],"fields": { "server":"server2" }
}, {
"paths": ["/tmp/file3*.log" ],"fields": { "server":"server3" }
}
]

In the downstream, the logstash process is running on another server.

My problem is that sometime I can see a single record in elasticsearch contains log contents from the 3 different upstream files.

How is it possible and how to avoid it?

Regards,
Pot

theuntergeek · June 2, 2016, 1:47pm

Logstash-forwarder is deprecated. Please use filebeat instead.

Topic		Replies	Views
Single logstash forwarder sending log to multiple servers Logstash	4	1708	July 6, 2017
Multiple logstash-forwarder on same server Logstash	4	1816	July 6, 2017
Multiple Log Files With Different Output Fails Logstash	1	255	November 6, 2018
Multiple logstash forwarder instances Logstash	12	2233	July 6, 2017
Multiple inputs Beats filebeat	2	2601	September 5, 2018

Logstash Forwarder forwarding multiple files, ends up jammed together in one single entry

Related topics