Ufdjrw

Error during using callback start_page_number in lualatex

Shifting between bemols (flats) and diesis (sharps)in the key signature

Child Theme Path Being Ignored With wp_enqueue_scripts

Accepted offer letter, position changed

Are babies of evil humanoid species inherently evil?

Find longest word in a string: are any of these algorithms good?

Can you reject a postdoc offer after the PI has paid a large sum for flights/accommodation for your visit?

Coax or bifilar choke

Does the nature of the Apocalypse in The Umbrella Academy change from the first to the last episode?

Declaring and defining template, and specialising them

Conservation of Mass and Energy

An alternative proof of an application of Hahn-Banach

Intuition behind counterexample of Euler's sum of powers conjecture

What is the magic ball of every day?

They call me Inspector Morse

Is it work or heat?

Plausibility of Mushroom Buildings

Signed and unsigned numbers

How to secure an aircraft at a transient parking space?

What are some noteworthy "mic-drop" moments in math?

Bash script should only kill those instances of another script's that it has launched

In the late 1940’s to early 1950’s what technology was available that could melt a LOT of ice?

In the quantum hamiltonian, why does kinetic energy turn into an operator while potential doesn't?

Do I really need to have a scientific explanation for my premise?

Filebeat reads old files sometimes

0

I have a folder with log files from 2016-present and setup filebeat with "ignore_older: 48h". All the files get rotated so that "log" is always the new one, "log.1" is the next etc.
Logs are on linux NFS partition mounted on the logstash host.

I expect filebeat to get only log files that where changed in the last 24h and ignore the older ones.

The above happens except from time to time it also gets older files in no specific order.

I ran "stat" command on one of the older file from 2018 and i see the following:

Access: 2019-03-02 03:15:32.254460960 +0000
Modify: 2018-09-06 13:12:00.331460890 +0000
Change: 2019-02-28 03:34:33.946462475 +0000

I run filebeat version 6.4.2

Is this data confusing Logstash? What is it actually looking at when checking if a file has changed. How can i stop it from taking older files.

UPDATE:

My filebeat configuration looks like this:

- type: log
 enabled: true
 paths:
 - /path/to/my/log/file/log*
 fields:
 logname: "log.name"
 include_lines: ["SOME_TEXT"]
 ignore_older: 48h

Logs are in CSV format.

linux logging filebeat inode

share|improve this question

edited Mar 8 at 13:26

Daniel

asked Mar 6 at 15:27

DanielDaniel

234520

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Please show the relevant code and state the exact error. Also see How to create a Minimal, Complete, and Verifiable example.
  
  – jww
  Mar 8 at 5:59
  

  
  
  
  

add a comment | 

0

I have a folder with log files from 2016-present and setup filebeat with "ignore_older: 48h". All the files get rotated so that "log" is always the new one, "log.1" is the next etc.
Logs are on linux NFS partition mounted on the logstash host.

I expect filebeat to get only log files that where changed in the last 24h and ignore the older ones.

The above happens except from time to time it also gets older files in no specific order.

I ran "stat" command on one of the older file from 2018 and i see the following:

Access: 2019-03-02 03:15:32.254460960 +0000
Modify: 2018-09-06 13:12:00.331460890 +0000
Change: 2019-02-28 03:34:33.946462475 +0000

I run filebeat version 6.4.2

Is this data confusing Logstash? What is it actually looking at when checking if a file has changed. How can i stop it from taking older files.

UPDATE:

My filebeat configuration looks like this:

- type: log
 enabled: true
 paths:
 - /path/to/my/log/file/log*
 fields:
 logname: "log.name"
 include_lines: ["SOME_TEXT"]
 ignore_older: 48h

Logs are in CSV format.

linux logging filebeat inode

share|improve this question

edited Mar 8 at 13:26

Daniel

asked Mar 6 at 15:27

DanielDaniel

234520

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Please show the relevant code and state the exact error. Also see How to create a Minimal, Complete, and Verifiable example.
  
  – jww
  Mar 8 at 5:59
  

  
  
  
  

add a comment | 

I have a folder with log files from 2016-present and setup filebeat with "ignore_older: 48h". All the files get rotated so that "log" is always the new one, "log.1" is the next etc.
Logs are on linux NFS partition mounted on the logstash host.

I expect filebeat to get only log files that where changed in the last 24h and ignore the older ones.

The above happens except from time to time it also gets older files in no specific order.

I ran "stat" command on one of the older file from 2018 and i see the following:

Access: 2019-03-02 03:15:32.254460960 +0000
Modify: 2018-09-06 13:12:00.331460890 +0000
Change: 2019-02-28 03:34:33.946462475 +0000

I run filebeat version 6.4.2

Is this data confusing Logstash? What is it actually looking at when checking if a file has changed. How can i stop it from taking older files.

UPDATE:

My filebeat configuration looks like this:

- type: log
 enabled: true
 paths:
 - /path/to/my/log/file/log*
 fields:
 logname: "log.name"
 include_lines: ["SOME_TEXT"]
 ignore_older: 48h

Logs are in CSV format.

linux logging filebeat inode

share|improve this question

edited Mar 8 at 13:26

Daniel

asked Mar 6 at 15:27

DanielDaniel

234520

Access: 2019-03-02 03:15:32.254460960 +0000
Modify: 2018-09-06 13:12:00.331460890 +0000
Change: 2019-02-28 03:34:33.946462475 +0000

- type: log
 enabled: true
 paths:
 - /path/to/my/log/file/log*
 fields:
 logname: "log.name"
 include_lines: ["SOME_TEXT"]
 ignore_older: 48h

share|improve this question

edited Mar 8 at 13:26

Daniel

asked Mar 6 at 15:27

DanielDaniel

234520

share|improve this question

edited Mar 8 at 13:26

Daniel

asked Mar 6 at 15:27

DanielDaniel

234520

asked Mar 6 at 15:27

DanielDaniel

234520

asked Mar 6 at 15:27

DanielDaniel

234520