Hi I'am new to elasticsearch.
I wanted to know if there was a possible way to read only the names of the files and ignore the contents inside (I must ignore it to prevent error. I saw this posts but it didn't work for me me:
Thanks in advance
It could be done using filebeat to read the files and then in logstash
mutate { remove_field => [ "message" ] }
if [offset] != 0 { drop {} }
but reading all the files and discarding the contents is ridiculously wasteful. Why not feed the output from ls -l to logstash?
Hi @Badger, thanks for your reply.
I tried :
mutate { remove_field => [ "message" ] }
if [offset] != 0 { drop {} }
But it don't send any date to elasticsearch 
.
This one could be a good solution:
Why not feed the output from
ls -lto logstash?
But I don't know how 
. I am using the file input (I need him to go through my folder), can i keep the file input and feed the input with ls -l?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.