Hi Guys,
Can someone please tell me if it is possible to rotate the Output File generated by Logstash output plugin ?
In Logstash config I have following lines and was wondering if I can specify option to configure rotation.
output {
file {
path => "/datacollection/lostash/output/packetbeat-%{+YYYY-MM-DD}.txt"
gzip => true
}
}
Regards
What rotation options are you interested in?
Looking for either per hour rotation or Size based rotation.
Regards
Looking for either per hour rotation or
So change %{+YYYY-MM-DD} to e.g. %{+YYYY-MM-DD-HH} or whatever you like. But I'm pretty sure you should use YYYY-MM-dd instead of YYYY-MM-DD.
Note that the timestamp that's expanded in the expression above is @timestamp, which normally should be the event time rather than the current time.
Size based rotation.
That's not supported (within Logstash itself anyway).
Thank you. I will give this a try.
Regards
Is there a way to convert the Hour in EST as opposed to UTC ?
Nope.
So when presenting this data to analytics engine we will have to make the adjustment based on our timezone, is that correct ?
I don't know anything about your analytics engine and what it expects, but the @timestamp field and everything based on it is UTC.
Thank you for the quick response.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.