Logstash problem with Logrotate: Missing out on a lot of logs

Hi,

Problem: I am missing on alot of logs.

My logrotate config looks like this:

files:
"/etc/logrotate.d/webapp":
mode: "000755"
owner: root
group: root
content: |
/mnt/logs/xx.log {
missingok
maxsize 1G
rotate 1
compress
delaycompress
notifempty
copytruncate
postrotate
INSTANCE=$(curl some_endpoint)
APP=app_name
aws s3 some_s3_endpoint
endscript
}

My log rotate file which gets created is named xx.log-20190315
So even though I am not doing any dateext config in logrotate, by default it is appending date to the log file.

my logstash config looks like:

input {
file {
type => "xx_log"
path => "/mnt/logs/xx.log"
mode => "tail"
exclude => ".gz"
start_position => "end"
sincedb_path => "/root/.xx_log_sincedb"
codec => multiline {
pattern => "^%{YEAR}-%{MONTHNUM}-%{MONTHDAY} %{TIME}.
"
negate => "true"
what => "previous"
}
}
}

With all of the above configuration, logstash is still missing out on logs(probably because it is not reading the logs of the rotated file)

Any kind of help will be appreciated!

Thanks.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.