Read logs after a particular day?

Siddharth_Trikha · June 2, 2015, 10:51am

BACKGROUND:

We have rsyslog creating log files directories like: /var/log/rsyslog/SERVER-NAME/LOG-DATE/LOG-FILE-NAME
So multiple servers are spilling out their logs of different dates to a central location.

Now to read these logs and store them in elasticsearch for analysing I have my logstash config file something like this:

file{
   path => /var/log/rsyslog/**/*.log
}

ISSUE:

Now we want to read log files after a particular date. Eg If in the directory /var/log/rsyslog there are logs of April, May, June 2015 and I want to read all logs after a particular date say > 15.05.2015.

Can this be achieved using logstash file input?

warkolm · June 2, 2015, 11:07am

No it cannot.

You could use a drop though to just discard things before this date.

Topic		Replies	Views
Date pattern in file input path Logstash	5	3589	October 12, 2017
Logstash single date for logs Logstash	8	1107	November 20, 2017
Logstash close file handles? Logstash	1	1643	July 6, 2017
How logstash reads a log file from a subfolder Logstash	3	3834	July 6, 2017
How to input the dateType path about log file in logstash Logstash	2	389	August 8, 2017

Read logs after a particular day?

Related topics