Switch tail to read mode, but logs not streaming to Kibana

nandydesikan · April 2, 2024, 3:43pm

Thanks for insights I gained from this topic - Grokparsefailure randomly - #5 by fry2k
I switched from default tail mode to read mode. However, logs are not streaming to kibana after the switch (restarted the server which refreshed LogStash agent cache , so new settings were picked up). Can anyone check the file plugin settings and clarify why logstash agent is not sending logs to kibana?
The moment I rollback (i.e. switch to tail mode), its ok.

file {
	     path => "${LOGS_PATH}/event.*.log.*"
	     exclude => "*.gz"
	     mode => "read"
	     start_position => "beginning"
	     sincedb_path => "${LOGS_PATH}/<audit_logs>.db"
	     file_completed_action => "log_and_delete"
	     file_completed_log_path => "${LOGS_PATH}/complete.log"
	   }

system · April 30, 2024, 3:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Tail mode in logstash file input is not reading the recently uploaded files Logstash	1	394	September 16, 2020
Process downloaded log files Logstash	11	1470	June 20, 2019
Question about read mode vs tail mode Logstash	1	760	July 16, 2019
Logstash randomly stopped sending data to ES/Kibana Logstash	1	287	June 19, 2019
Logstash does not do anything with file input but starts successfully Logstash	5	481	April 9, 2019

Switch tail to read mode, but logs not streaming to Kibana

Related topics