Hello,
I have a few questions about the topic filestream and its difference to the input log.
- Do I only need an id when using multiple filebeat inputs in a single yml, or always? Currently I'm not using any ids, but I'm curious if I may run into trouble.
- Can prospector options be nested, e.g. like:
  prospector
    scanner
      exclude_files: ...
      check_interval: ...
- How does exclude_files work? In the migrating to filestream docs (Step 2: Exclude all processed files | Filebeat Reference [8.5] | Elastic) they got:
  paths:
    - /var/log/my-application*.json
  prospector.scanner.exclude_files: my-application[1-2]{1}.log
  Does this mean that my-application*.log is excluded from the path /var/log/, or where is the exclusion happening?
- How are multiple excluded files separated? I'd assume it's ['file1_pattern', 'file2_pattern']?
- I'm using scan_frequency with type filestream, so according to the renaming table (Step 3: Use new option names | Filebeat Reference [8.5] | Elastic), it's not working. Do both options still work anyway, or do I have to rename it in every .yml?
- What is the difference between e.g. paths: /var/log/.log and include_files: /var/log/.log? When would I use one over the other?
Thanks in advance,
Ossenfeld