I want to ship the logs from a server to elk. I would like to know whether all the logs gets shipped everytime or only newly generated logs?
for example logs at point are A+B, they get shipped to elastic search. after 1 hour the logs are A+B+c.
My question is does filebeat ship only new generated C logs?
Filebeat keeps track of the files it has processed and only ships new lines.
filebeat:
prospectors:
# Each - is a prospector. Below are the prospector specific configurations
-
paths:
#- /var/log/*.log
- C:\filebeattesting\log*.log
registry_file: "C:/ProgramData/filebeat/registry"
output:
#elasticsearch:
# Array of hosts to connect to.
# Scheme and port can be left out and will be set to the default (http and 9200)
# In case you specify and additional path, the scheme is required: http://localhost:9200/path
# IPv6 addresses should always be defined as: https://[2001:db8::1]:9200
#hosts: ["10.40.104.27:9200"]
logstash:
# The Logstash hosts
hosts: ["10.40.40.128:5044"]
This topic was automatically closed after 21 days. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.