I use EKB to process log data, and FileBeat sends data to ElasticSearch directly.
The objective is to have some way to render the sequence of events in the same order they were read out of the log file.
With the "offset" field, I can do that inside a file. But in my case, every "source" field, which represents the file path, is the same, as the log is rotated. In other words, the latest file is always called access.log.
Would appreciate any advice on how the problem might be overcome using the available options.