旧日志不通过logstash导入到ES中 [英] Old logs are not imported into ES by logstash

问题描述

当我启动logstash时，旧的日志不会导入到ES中。

只有新的请求日志记录在ES中。

现在我已经看到a href =http://logstash.net/docs/1.4.0/inputs/file#start_position =noreferrer> doc 。

When I start logstash, the old logs are not imported into ES.
Only the new request logs are recorded in ES.
Now I've see this in the doc.

即使我设置了 start_position =>开始，旧的日志也不会被插入。

这只会在linux上运行logstash时发生。

Even if I set the start_position=>"beginning", old logs are not inserted.
This only happens when I run logstash on linux.

如果我使用相同的配置运行，旧的日志将被导入。

我甚至不需要设置

If I run it with the same config, old logs are imported.
I don't even need to set start_position=>"beginning" on windows.

任何关于这一点的想法？

Any idea about this ?

推荐答案

当您将输入日志读到Logstash时，Logstash将保留关于该文件读取的位置的记录，这是调用 sincedb 。

When you read an input log to Logstash, Logstash will keep an record about the position it read on this file, that's call sincedb.

Where to write the sincedb database (keeps track of the current position of monitored log files). 
The default will write sincedb files to some path matching "$HOME/.sincedb*"

所以，如果要导入旧的日志文件，您必须删除$ HOME上的所有.sincedb *。
然后，您需要设置

So, if you want to import old log files, you must delete all the .sincedb* at your $HOME. Then, you need to set

start_position =>开始

start_position=>"beginning"

在您的配置文件。

希望这可以帮助你。

这篇关于旧日志不通过logstash导入到ES中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！