Hi Guys,
Can someone please tell me if it is possible to rotate the Output File generated by Logstash output plugin ?
In Logstash config I have following lines and was wondering if I can specify option to configure rotation.
output {
file {
path => "/datacollection/lostash/output/packetbeat-%{+YYYY-MM-DD}.txt"
gzip => true
}
}
Regards
What rotation options are you interested in?
Looking for either per hour rotation or Size based rotation.
Regards
Looking for either per hour rotation or
So change %{+YYYY-MM-DD} to e.g. %{+YYYY-MM-DD-HH} or whatever you like. But I'm pretty sure you should use YYYY-MM-dd instead of YYYY-MM-DD.
Note that the timestamp that's expanded in the expression above is @timestamp, which normally should be the event time rather than the current time.
Size based rotation.
That's not supported (within Logstash itself anyway).
Thank you. I will give this a try.
Regards
Is there a way to convert the Hour in EST as opposed to UTC ?
Nope.
So when presenting this data to analytics engine we will have to make the adjustment based on our timezone, is that correct ?
I don't know anything about your analytics engine and what it expects, but the @timestamp field and everything based on it is UTC.
Thank you for the quick response.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.