Not able to use since_db properly

Pranay_Garg · July 2, 2019, 2:17pm

I am trying to insert data in elasticsearch using logstash but when i update a file and again process it the events get duplicated when i only want the newly added entries to get indexed, for this i am trying to use sincedb_path but i am making some mistake. Can anybody help me in finding the mistake?. Any help is appreciated. Thanks
My input filter looks like this:

input{
file
{
	mode => "read"
	file_completed_action => "log"
	file_completed_log_path => "C:/logstash-7.1.1/log.txt"
	path => "F:/PRANAY/project/Store Mg C++/sales.csv"
	sincedb_path => "F:/PRANAY/project/Store Mg C++/salesincedb.txt"
	start_position => "beginning"
}}

It would be really great if someone could explain when to use start_position and mode and which value to use.

Badger · July 2, 2019, 3:13pm

How are you updating the file? The file input tracks files by their file id (similar to an inode number on UNIX), not by their name. If you create a new file with the same name but a different id the file input will see it as a new file.

system · July 30, 2019, 3:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash Sincedb duplicate entries Logstash	2	182	November 29, 2023
File input: sincedb general questions Logstash	7	3378	July 6, 2017
Logstash parsing same contents again and again Logstash	11	550	April 29, 2018
Logstash re-processes files, incorrectly updates sincedb Logstash	7	230	May 3, 2024
Reading from first Logstash	14	377	July 9, 2018

Not able to use since_db properly

Related Topics