Why Filebeat resend previous log when I add new content in log file?

leyi1002 · March 19, 2018, 8:42am

I hava no idea why filebeat send all content of log,but not new content.Thanks for your help!

filebeat.yml

filebeat.prospectors:


- type: log

  enabled: true


  paths:
    - /usr/local/logstash/sample/line.log
  fields:
    type: syslog  


#============================= Filebeat modules ===============================

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false



#==================== Elasticsearch template setting ==========================

setup.template.settings:
  index.number_of_shards: 3


setup.template.name: "filebeat-jay"
setup.template.pattern: "filebeat-jay-*"
setup.kibana:

  host: "localhost:5601"
  username: "elastic"
  password: "elastic"




#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9201"]
  index: "filebeat-jay-%{[beat.version]}-%{+yyyy.MM.dd}"
  indices: 
    - index: "filebeat-jay-debug-%{[beat.version]}-%{+yyyy.MM.dd}" 
      when.contains:
        message: "debug"
    - index: "filebeat-jay-err-%{[beat.version]}-%{+yyyy.MM.dd}"
      when.contains:
        message: "err"
  username: "elastic"
  password: "${ES_PWD}"

Christian_Dahlqvist · March 19, 2018, 9:24am

How are you adding new content to the log file?

leyi1002 · March 20, 2018, 7:13am

It resolved.I use vim to manually add content，so it causes this problem.Using echo will work.

system · April 17, 2018, 7:14am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.