Maintaining Order of logs with elastic-search search API

How can I retrieve logs from Elasticsearch in the order they were generated?

If you are gathering logs using Filebeat, this will record a timestamp as well as the filename and the offset of the log entry within this file. When you search you should be able to get the correct order by sorting based on timestamp and offset.

I have the timestamp but not the offset. I am gathering logs from a TCP (input plugin) connection to Logstash and forwarding them to Elasticsearch.

Then you will only be able to order them by timestamp. If multiple documents have the same timestamp, I do not think you can establish the order between these.

OK. Thanks for the quick response.
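Added example, not part of the original thread: the timestamp-plus-offset sort from the first reply written as a search API sort clause, with the same ordering applied to constructed documents to show where ties stay unresolved. The field names `log.file.path` and `log.offset` assume Filebeat 7+ ECS naming; the helper names and sample documents are constructed for illustration.

```python
# Sort clause for the search request body: timestamp first, then the file path
# and byte offset that Filebeat records, used as tie-breakers.
FILEBEAT_SORT = [
    {"@timestamp": {"order": "asc"}},
    {"log.file.path": {"order": "asc", "missing": "_last"}},
    {"log.offset": {"order": "asc", "missing": "_last"}},
]

def build_search_body(start, end, size=1000):
    """Request body for a time-range search returned in generation order."""
    return {"size": size, "sort": FILEBEAT_SORT,
            "query": {"range": {"@timestamp": {"gte": start, "lte": end}}}}

def tie_key(doc):
    """Everything available to order a document: (timestamp, path, offset)."""
    log = doc.get("log", {})
    return (doc["@timestamp"], log.get("file", {}).get("path"), log.get("offset"))

def order_hits(docs):
    """Apply the same ordering locally; missing path/offset sort last.
    Assumes timestamps are ISO 8601 strings in one format and time zone."""
    def key(doc):
        ts, path, off = tie_key(doc)
        return (ts, path is None, path or "", off is None, off or 0)
    return sorted(docs, key=key)

def ambiguous_groups(docs):
    """Messages whose relative order cannot be established from the fields."""
    groups = {}
    for doc in docs:
        groups.setdefault(tie_key(doc), []).append(doc["message"])
    return [msgs for msgs in groups.values() if len(msgs) > 1]

# Constructed sample documents (not real log data).
_F = {"file": {"path": "/var/log/app.log"}}
FILEBEAT_DOCS = [
    {"@timestamp": "2024-01-01T10:00:00.000Z", "message": "B", "log": {**_F, "offset": 120}},
    {"@timestamp": "2024-01-01T10:00:00.000Z", "message": "A", "log": {**_F, "offset": 64}},
    {"@timestamp": "2024-01-01T09:59:59.000Z", "message": "first", "log": {**_F, "offset": 0}},
]
TCP_DOCS = [  # Logstash TCP input: timestamp only, no offset
    {"@timestamp": "2024-01-01T10:00:00.000Z", "message": "x"},
    {"@timestamp": "2024-01-01T10:00:00.000Z", "message": "y"},
]

if __name__ == "__main__":
    print([d["message"] for d in order_hits(FILEBEAT_DOCS)])
    print(ambiguous_groups(TCP_DOCS))
```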
