Hi,
As I understand it, the log is rotated per day by using this config 'path' parameter -
file {
  path => "/var/logstash/server-%{+YYYY-MM-dd}.log"
  codec => line { format => "%{[message]}" }
}
A) I'm trying to make it generic in the Logstash configuration, to pass the filename as an event from Filebeat, say filename: server-%{+YYYY-MM-DD}.log
When I apply this filename in the Logstash config as below
file {
  path => "/var/logstash/%{filename}"
  codec => line { format => "%{[message]}" }
}
the file is generated with the name server-%{YYYY-MM-DD}.log instead of server-2019-07-08.log.
B) What would be the default behaviour if I give path => "/var/logstash/server.log" in the config? As noticed, it always appends the logs. Does it honour the file size? Please provide inputs.
This looks more related to Logstash. Filebeat sends the absolute file path to Logstash. You would have to use grok or the ruby filter to find the actual base name (plus/minus dates). Yet I don't know if the file output supports a format string in the path setting.
I'm new to writing filters; however, I will try.
The use case we are targeting is Filebeat harvesting 5 files and sending them to a single Logstash; we want to store the corresponding 5 files in a centralised Logstash location mentioned in the generic path location.
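Added example, not part of the original thread and not Elastic's code: the base-name step suggested in the reply, written as plain Ruby of the kind a ruby filter could call, for the use case of several harvested files landing under one directory. The function name, the allow-list pattern and the sample paths are assumptions. Because the name comes from the shipper, it is validated before it is used in an output path.

```ruby
ROOT = '/var/logstash' # output directory used in the thread
# Assumed allow-list for the file stem: letters, digits, dot, dash, underscore.
SAFE_NAME = /\A[A-Za-z0-9][A-Za-z0-9._-]{0,63}\z/

# Build "<root>/<stem>-YYYY-MM-dd.log" from the absolute path a shipper reports.
# Returns nil for unusable names so the caller can tag or drop the event
# instead of writing to a path chosen by the sender.
def dated_output_path(source_path, timestamp, root = ROOT)
  return nil unless source_path.is_a?(String) && !source_path.include?("\0")
  # Treat Windows separators like Unix ones, then keep only the last component.
  base = File.basename(source_path.tr('\\', '/'))
  # Drop the extension and any date the original name already carries.
  stem = base.sub(/\.log\z/i, '').sub(/-\d{4}-\d{2}-\d{2}\z/, '')
  # Rejects "..", empty names and unresolved "%{...}" placeholders.
  return nil unless stem.match?(SAFE_NAME) && !stem.include?('..')
  day = timestamp.getutc.strftime('%Y-%m-%d')
  candidate = File.expand_path("#{stem}-#{day}.log", root)
  # Defence in depth: the resolved file must sit directly under root.
  File.dirname(candidate) == File.expand_path(root) ? candidate : nil
end

if __FILE__ == $PROGRAM_NAME
  now = Time.utc(2019, 7, 8, 12, 0, 0) # constructed timestamp
  # Constructed sample inputs, standing in for paths reported by a shipper.
  samples = [
    '/var/log/app/server.log',
    '/var/log/app/access-2019-07-07.log',
    'server-%{+YYYY-MM-DD}.log',
    '/var/log/app/..'
  ]
  samples.each do |src|
    puts "#{src.inspect} -> #{dated_output_path(src, now).inspect}"
  end
end
```
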