Read mode vs tail mode

Claudio_Ract_Costa · April 22, 2020, 7:22pm

Hi,

I'm processing files that comes from an external server each minute; so once copied, files are static and no new content will be added into the file.

I am reading the files in tail mode but I've experienced some issues processing some lines of the files ( are not being ingested into ES.)

My input configuration is:

input {
        file {
                path => "/fwdata/PCRF/EDR/output/dcr/RTC*"
        }
}

In this directory "/fwdata/PCRF/EDR/output/dcr/" there are hundred files and, after the end of the day (around 00:00 am), a script move these files to other directory.

Well, I would like to know if in this scenario I descrived above:

Is tail mode the correct way to ingest all line within a file to ES ? If yes, my input configuration is correct ? Is possible to undertstand why some lines are not being ingested into ES ?
Or read mode is the correct way ? If yes, can show me how would be the input configuration ?

system · May 20, 2020, 7:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
New to logstash: file input and stdout output not working Logstash	3	8373	July 6, 2017
Filebeats, unable to read all the data from log file Beats filebeat	9	591	November 10, 2022
Logstash-input-file version 4.4.6 sporadically fails to scan files in read mode Logstash	0	13	October 22, 2024
Multiple file inputs cause re-reading of file Logstash docker	6	30	August 29, 2024
Input File Path (not working) vs Input Beats (working) all conf setting are the same but Input Logstash	6	879	February 15, 2019

Read mode vs tail mode

Related Topics