Where does logstash store the log files that it has read

simonrisberg · July 1, 2015, 8:51am

Hi!

I was wondering where Logstash is storing the log files that it has read and indexed. I was reading up a little on github and apparently the default folder for this is var/log/syslog but when I jump into the log folder I cannot find a file called syslog. I don't know if this is a setting that you must change somewhere. Worth mentioning is that I am not using a logstash forwarder. Right now I'm having everything on the same server just to try it out and explore.

Any help would be appreciated.

Best regards

magnusbaeck · July 1, 2015, 9:10am

Logstash doesn't have any default or mandatory storage of processed logs. It does ship with several output plugins that you can use to send logs to e.g. files, databases, message brokers, or to Elasticsearch, but it's up to you to configure that according to your needs.

simonrisberg · July 1, 2015, 9:27am

Thank you So what I need is a plugin that ships the read log files to a single logfile that I'm pointing out I guess Will look for this plugin

magnusbaeck · July 1, 2015, 9:52am

I've never seen a need for doing anything like that, but sure, just use the file output.