Logstash service restart : reading file from beginning

anoopmk007 · August 25, 2016, 6:41pm

Hello,

I am facing some issues with logstash service restart.
Every time when restart the service , then logstash start reading logs files from beginning.

Any idea how to resolve this?

logstash configuration:-

input {
file{
path => "E:/DashBoard/OUTBOUND/*"
start_position => "end"
}
}

filter
{
kv {
source => "message"
value_split => "]"
field_split => ","
trimkey => "["
}

mutate
{
add_field =>["[geoip][location]","%{[latitude]}"]
add_field =>["[geoip][location]","%{[longitude]}"]
}

mutate
{
convert =>["[geoip][location]","float"]

}
}

output {
elasticsearch { hosts => ["xx.xx.xx.xx:9200"] }
stdout { codec => rubydebug }
}

magnusbaeck · August 25, 2016, 8:23pm

I'm guessing Logstash is having issues writing the sincedb file (or reading it upon startup). Look in your logs for clues about sincedb. You may have to crank up the logging by starting Logstash with -v or even -d.

Topic		Replies	Views
File input processing question Logstash	3	1077	July 6, 2017
File input monitoring a file or folder always reads from beginning Logstash	2	753	July 6, 2017
Logstash re-read full log after restart Logstash	6	1295	January 26, 2021
Prevent logstash from reading file from beginning when restarted Logstash	1	267	March 23, 2020
Logstash doesn't read file from beginning Logstash	2	1051	May 4, 2017

Logstash service restart : reading file from beginning

Related topics