Our environment is the following:
- OS: Red Hat Enterprise Linux Server release 7.3
- Logstash version: 6.3.0
- ES version: 6.3.2
Our problem: after having stopped the Logstash process for modification purpose in the .conf file, we started the process again but noticed that log files already parsed are treated again; we are using a sincedb file which is not corrupted. The process was working well since a few months until now.
It's the second time we are facing such a problem. Last time, we had to reindex all log files.
- does anybody already encountered such a problem?
- if yes, what did you do to come back to a normal situation? (to avoid parsing again all log files)
Many thanks in advance.