I'm using logstash to parse my application's log files. Sometimes several events happen at the same time, at least according to their timestamp. But I'd like to be able to see them in their original order in Kibana. Is there a way to make this happen, maybe by recording some kind of sequence number?
I'm using log-courier to forward my logs to a logstash server, if that matters.
How do you know that their original order is though?
The program reading the original log files would know, so I guess it would have to come from there. That might make this a question for log-courier, but if there's a solution using logstash-forwarder, I'd be open to using that instead.
LSF does and doesn't have this concept.
It does because of sincedb, so if it reads event 1 and has to stop, it'll pickup at event 2. But there is no way to pass that this was event 1 at timestamp N through.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.