SinceDB naming convention

sombilat · January 25, 2016, 10:17pm

Hello!

I am a Developer using Elastic technology to parse our log files. I was wondering on how does the .sincedb naming convention work?

For example when an index is created, it generates a .sincedb file. I was curious how Elasticsearch associates the index to the file name, given the naming format stated in the documentation.

1.) inode
2.) major devicenumber
3.) minor device number
4.) byte offset

Example if I have an index name of 'sample' how will the .sincedb file name be generated? I am running on a Windows 64 platform. I read around, it is stated that it is generated in the file path and file content which would vary across platforms. Any form of input would be helpful!

Thanks,

warkolm · January 25, 2016, 10:38pm

Elasticsearch doesn't have a sincedb file, maybe you are thinking of Logstash?

sombilat · January 26, 2016, 1:56pm

Hello warkolm,

Oh, yeah. Sorry thought it falls under Elasticsearch. Do you have an Idea how it is generated?

Like example below:
.sincedb_bdaeef79721942e53bf8b85d1b4b170d

how are the characters generated? Which characters define inode, Major and Minor device Number ant the byte offset?

Is it better if I move this to the Logstash part of the Forum?

Thanks,

magnusbaeck · January 26, 2016, 2:42pm

Quoting the documentation:

By default, the sincedb file is placed in the home directory of the user running Logstash with a filename based on the filename patterns being watched (i.e. the path option).

Hence, the sincedb filename only depends on the filename pattern(s) listed in the configuration file. Here's the corresponding code:

github.com

logstash-plugins/logstash-input-file/blob/v2.1.3/lib/logstash/inputs/file.rb#L186-L188


      
          # Join by ',' to make it easy for folks to know their own sincedb
          # generated path (vs, say, inspecting the @path array)
          @sincedb_path = File.join(sincedb_dir, ".sincedb_" + Digest::MD5.hexdigest(@path.join(",")))