Hi ! ,
I have question about streaming events to elastic search. For example say we have a file access.log which is continuously changes and in the logstash we have defined this file as an input.
After I run logstash, it ingested access,log to the elasticsearch. Now if the file is keep updating can logstash keep looking at the access log for additional data ? what if logstash is being killed after ingestion and then if we restart logstash, it it going to pick up from where it stopped ?? How is this works ?
Now if the file is keep updating can logstash keep looking at the access log for additional data ?
Yes, that's the default behavior.
what if logstash is being killed after ingestion and then if we restart logstash, it it going to pick up from where it stopped ??
Yes, see File input plugin | Logstash Reference [8.11] | Elastic.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.