Read latest logs from a file

Aniket_Pant · February 7, 2026, 1:19pm

Hello Folks,

I have one log file and it is containing all logs since November 2025 to till now. For doing the parsing of logs i’ve copy-paste sample logs to test.log file and it worked. My question is

How to read last 3 days of logs ?(As the user have one single log file which is not rotating)
Or How to read latest logs.

I have used ignore_older option but it give me all the logs because i have copy paste sample logs .I have used tail option it worked . Is there any other way to read

Tortoise · February 8, 2026, 10:06am

Hello @Aniket_Pant

I believe there are 2 ways :

Is to dissect & drop the messages :

processors:
  - grok:
      field: message
      patterns:
        - '%{TIMESTAMP_ISO8601:log_timestamp} %{GREEDYDATA:msg}'

  - date:
      field: log_timestamp
      target_field: "@timestamp"
      formats:
        - ISO8601

  - drop_event:
      when:
        range:
          "@timestamp":
            lt: "now-3d"

2. Index all the data & delete older data from index :

POST your-index-name/_delete_by_query
{
  "query": {
    "range": {
      "@timestamp": {
        "lt": "now-3d"
      }
    }
  }
}

Thanks!!

Topic		Replies	Views
Older logs than 30days Beats	4	2757	March 2, 2018
Filebeat config to read current log only Beats filebeat	2	817	April 26, 2020
Filebeat retrieve log with current time stamp Beats filebeat	1	245	October 3, 2021
Grabbing logs no older than X from randomly created logs Beats filebeat	1	675	October 13, 2016
Retrieve daily logs Beats	9	348	April 15, 2020

Read latest logs from a file

Related topics