Hi
Every time a new log line is added to my log file, logstash is re-parsing my whole log file and sending it to elasticsearch. I have no idea why this is happening? Any ideas?
I have not set
sincedb_path => "/dev/null"
My logfile is being sent via filebeat to logstash.
Thanks
Exactly how is data being added to the log file? Make sure it is appended without changing the inode. If you are adding data e.g. through an editor a new file with the same name is typically generated for each save.
Hi,
Thanks for the reply. It seemed as though it was permission issue with the log file. Changing to read/write permissions seems to fix the issue.
Thanks
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.