i am currently having logstash + elastic search in the local linux server and using logstah to index files from S3 bucket , push it to elastic search . S3 bucket (B1) is having thousands of files and when i trigger the logstash, i dont see any progress. after "logstah startup completed".
but when i trigger the logstash against another S3 bucket(B2) which has less number of file, it is taking 30-40 mins to start the indexing.
below are my questions.
- the logstash indexing start depends on the volume of files in a bucket?
- is this the logstash behavior to read the complete files in the bucket before in starts the indexing?
- if there is a new file added to the bucket.. how logstash will know and index only that file.
Please help.