We are facing a log rotation problem while filebeat is streaming a particular file. I have a File named Log_34.txt and when it was streaming it gets renamed to Log_34.txt2018 and a new file with Log_34.txt gets created. Now at the logstash we are receiving lines from both the files with the "source" (filename) as same(Log_34.txt). So we are unable to distinguish whose lines are those. Can we add a Unique ID something like an Inode or a filetimestamp in the event info while filebeat streams. Or can i get any other solution for this problem ?
I am receiving lines from both the logs with the same filename. In my case the log content from the rotated log and the new log would of different jobs . And logstash events in my case would be processed by different application. So i couldnt associate the content to a Job in my application.
If there is a Inode or someother unique Id for a file created and filebeat propagates it I can distinguish in my application.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.