NEED TO READ ONLY THE NEWEST FILE IN EACH FOLDER

Daniel_Lopez · June 2, 2021, 8:26am

Hi guys!!

I need to configure logstash to read only the newest file in folders, when I restart always read all files, and I couldn't understand why, files are in NAS, and I mount folders before start reading.

This is my last input config: (I tried with beginning.end, changing close_older and ignore_older values, tail or read mode)

input {
	file {
		mode => "tail"
		path => "/logs/**/*.ltf" 
		start_position => "end"
		sincedb_path => "/home/monava/db_logs"
    close_older => "1h"
    ignore_older => "1h"
    }
}

The newest file is always writing new lines.

Could some help with this??

Badger · June 2, 2021, 5:17pm

It is possible that if you re-mount the NAS it is being assigned a different device number. That would show up in the sincedb, which is just a text file.

Daniel_Lopez · June 2, 2021, 5:37pm

But when I restart logstash with the unit mounted, logstash read again all files...

Badger · June 2, 2021, 5:51pm

If you pick and example file name and search for it in the sincedb then what do you see?

You could try setting log.level to TRACE and seeing what the filewatch module reports (it is voluminous, so redirect logs to a file).

system · June 30, 2021, 5:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
After restart, logstash doesn't read only new files Logstash	7	1018	January 13, 2022
Logstash read the entire file again whenever pipeline reload Logstash	13	1451	April 10, 2020
Logstash not reading files Logstash	3	2064	July 6, 2017
File input, from NetApp CIFS share, not reading single file Logstash	11	1395	September 16, 2019
File input monitoring a file or folder always reads from beginning Logstash	2	765	July 6, 2017

NEED TO READ ONLY THE NEWEST FILE IN EACH FOLDER

Related topics