Output file plugin not creating timestamped file

erikmathis · June 18, 2019, 6:20pm

output {
  file{
    path => "/var/log/kube-audit/audit-%{+YYYY.MM.dd.HH}.log"
    create_if_deleted => true
    id => "file"
}

The file looks ends up being /var/log/kube-audit/audit-.log. The timestamp works fine in the elasticsearch output plugin so I'm not sure why this is broken.

Badger · June 18, 2019, 6:42pm

In 7.1.1 that works as expected, provided, of course, that the events have an @timestamp field (that's what it uses to do the sprintf).

erikmathis · June 18, 2019, 8:30pm

Thanks!

I noticed that the @timestamp field was removed from a bad example on the kubernetes docs.

system · July 16, 2019, 8:30pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash output is not generating file with current date when timestamp field not available Logstash	3	928	May 4, 2022
Replacing @timestamp correctly Logstash	9	458	March 13, 2019
Debugging Elasticsearch output in Logstash Logstash	9	1675	July 24, 2020
Logs that are visible in stdout not showing up in es/kibana Logstash	5	3732	July 6, 2017
Output to file, codec for windows events Logstash	6	1473	May 21, 2018

Output file plugin not creating timestamped file

Related topics