Is it possible for Logstash to push the same content from a log file to ElasticSearch

The Logstash configuration sets a log file as the input source and then sends the content to ElasticSearch.

The input section is as follows:

input{
    file{
        path => "/data/logs/backend.log*"
        start_position => "beginning"
    }
}

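The log file then rolls by size. That is, the log file is initially named backend.log; when the file size reaches 10M it is renamed to backend.log.1, and a new empty backend.log is created to record content.

So the question is whether Logstash will send the content of backend.log.1 to the ES server. Or is ElasticSearch able to tell that the content of backend.log.1 has already been received, although that seems inefficient?

The file input documentation contains a whole paragraph about how it handles rotation: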

File rotation is detected and handled by this input, regardless of whether the file is rotated via a rename or a copy operation. To support programs that write to the rotated file for some time after the rotation has taken place, include both the original filename and the rotated filename (e.g. /var/log/syslog and /var/log/syslog.1) in the filename patterns to watch (the path option).

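Since tail mode is the default mode, your path parameter should make sure to use a glob pattern to capture all the files, just as you did. So you're all set. Happy tailing!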
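The rename case discussed above, as an added example that is not part of the original question or answer and is not Logstash's own code: a simplified Python model of a tailer that remembers its read offset per (device, inode), which is the kind of identity a rename preserves. The function names and sample lines are constructed for illustration, and copy-based rotation is not modeled.

```python
import glob
import os
import tempfile


def read_new_lines(pattern, offsets):
    """Return lines not read before, tracking position per (device, inode)."""
    emitted = []
    for path in sorted(glob.glob(pattern)):
        st = os.stat(path)
        key = (st.st_dev, st.st_ino)  # unchanged when the file is renamed
        start = offsets.get(key, 0)
        with open(path, "rb") as fh:
            fh.seek(start)
            data = fh.read()
        # Consume only complete lines; a partial last line waits for the next pass.
        complete = data[: data.rfind(b"\n") + 1]
        offsets[key] = start + len(complete)
        emitted.extend(complete.decode().splitlines())
    return emitted


def demo():
    """Simulate size-based rotation by rename and return what each pass emits."""
    offsets = {}
    with tempfile.TemporaryDirectory() as d:
        live = os.path.join(d, "backend.log")
        pattern = os.path.join(d, "backend.log*")  # same glob as the question

        with open(live, "w") as fh:
            fh.write("line 1\nline 2\n")
        first = read_new_lines(pattern, offsets)

        # Rotation: rename the full file, then create a fresh backend.log.
        os.rename(live, live + ".1")
        with open(live, "w") as fh:
            fh.write("line 3\n")
        # A writer that still holds the old file appends after rotation.
        with open(live + ".1", "a") as fh:
            fh.write("line 2b\n")
        second = read_new_lines(pattern, offsets)
    return first, second


if __name__ == "__main__":
    print(demo())
```

The second pass emits only the new line in backend.log and the late write to backend.log.1, because the renamed file keeps the offset recorded under its inode; this is also why the glob needs to cover the rotated name.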