The path shows an windows file name, so I am not sure if using tail would work. On cygwin, there is no -F option, at least on the version I use. On Linux, the file input works great, especially with rotated file.
I am not a Logstash expert, but I use the file input with the sincedb option (sincedb_path) and it has worked since day one. -- Ivan On Fri, Jun 20, 2014 at 5:07 PM, Brian <[email protected]> wrote: > Eitan, > > My recommendation is to use the stdin input in logstash and avoid its file > input. Then, for testing you pipe the file into your logstash instance. But > in production, you should run the GNU version of *tail -F* (uppercase F > option) to correctly follow all forms of rotated logs, and the pipe that > output into your logstash instance. > > I don't know just how robust logstash's file input is, but the GNU version > of tail with the -F option is perfect, so there's no guesswork and no > dependency on hope. Note that even Splunk has a currently open bug with > losing data while trying to follow a rotated file. > > Also, I added the multiline processing to the filters; it didn't seem to > work when applied as a stdin codec. Now it works very well together. > > Anyway, that's what our group is doing. > > And yes, the logstash-users > <https://groups.google.com/forum/#!forum/logstash-users> group is also > rather active and is a good place for logstash-specific help. > > Brian > > -- > You received this message because you are subscribed to the Google Groups > "elasticsearch" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/elasticsearch/9bbe59f4-93f1-4b59-8258-89301a8c5469%40googlegroups.com > <https://groups.google.com/d/msgid/elasticsearch/9bbe59f4-93f1-4b59-8258-89301a8c5469%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CALY%3DcQBxiUi%2BUNuyHUN9vM5z0bPsFyCYV%2BeZV3C1r5jzApOJww%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
