Hi,
I have forwarder monitoring on multiple files.
"files": [
{
"paths": ["/tmp/file1*.log" ],"fields": { "server":"server1" }
}, {
"paths": ["/tmp/file2*.log" ],"fields": { "server":"server2" }
}, {
"paths": ["/tmp/file3*.log" ],"fields": { "server":"server3" }
}
]
In the downstream, the logstash process is running on another server.
My problem is that sometime I can see a single record in elasticsearch contains log contents from the 3 different upstream files.
How is it possible and how to avoid it?
Regards,
Pot