Hi,
I'm processing files that comes from an external server each minute; so once copied, files are static and no new content will be added into the file.
I am reading the files in tail mode but I've experienced some issues processing some lines of the files ( are not being ingested into ES.)
My input configuration is:
input {
file {
path => "/fwdata/PCRF/EDR/output/dcr/RTC*"
}
}
In this directory "/fwdata/PCRF/EDR/output/dcr/" there are hundred files and, after the end of the day (around 00:00 am), a script move these files to other directory.
Well, I would like to know if in this scenario I descrived above:
-
Is tail mode the correct way to ingest all line within a file to ES ? If yes, my input configuration is correct ? Is possible to undertstand why some lines are not being ingested into ES ?
-
Or read mode is the correct way ? If yes, can show me how would be the input configuration ?