SinceDB naming convention

Elastic Stack Logstash
1

Hello!

I am a Developer using Elastic technology to parse our log files. I was wondering on how does the .sincedb naming convention work?

For example when an index is created, it generates a .sincedb file. I was curious how Elasticsearch associates the index to the file name, given the naming format stated in the documentation.

1.) inode
2.) major devicenumber
3.) minor device number
4.) byte offset

Example if I have an index name of 'sample' how will the .sincedb file name be generated? I am running on a Windows 64 platform. I read around, it is stated that it is generated in the file path and file content which would vary across platforms. Any form of input would be helpful! :smiley:

Thanks,

2

Elasticsearch doesn't have a sincedb file, maybe you are thinking of Logstash?

3

Hello warkolm,

Oh, yeah. Sorry thought it falls under Elasticsearch. Do you have an Idea how it is generated?

Like example below:
.sincedb_bdaeef79721942e53bf8b85d1b4b170d

how are the characters generated? Which characters define inode, Major and Minor device Number ant the byte offset?

Is it better if I move this to the Logstash part of the Forum?

Thanks,

4

Quoting the documentation:

By default, the sincedb file is placed in the home directory of the user running Logstash with a filename based on the filename patterns being watched (i.e. the path option).

Hence, the sincedb filename only depends on the filename pattern(s) listed in the configuration file. Here's the corresponding code:

1 Like