Thanks so much for the feedback, Ivan. One more question: We have two different forms of rotated files (on *IX systems; no Windows servers): 1. Standard log4j rotation: The XXX.log file is renamed to XXX-<date>.log and a new XXX.log file is created. The name doesn't change, but the inode changes. 2. When we switched many of our applications to use log4j2, we don't rotate the log files using log4j2. Instead, we have a cron job that, once per hour, makes a copy of the XXX.log file and then truncates the XXX.log file; in the background it compresses the copy. In this case, the name doesn't change, the inode doesn't change, but the size suddenly drops to 0 before it starts filling again from the beginning.
The GNU tail -F command handles both of these equally perfectly. Does logstash also handle both of these cases? Thanks in advance! P.S. I am not a logstash expert either, but it's been a lot of fun to rediscover Elasticsearch from the ELK perspective (auto-mapping, auto-creation of indices, and so on). Brian On Saturday, June 21, 2014 10:42:37 AM UTC-4, Ivan Brusic wrote: > > The path shows an windows file name, so I am not sure if using tail would > work. On cygwin, there is no -F option, at least on the version I use. On > Linux, the file input works great, especially with rotated file. > > I am not a Logstash expert, but I use the file input with the sincedb > option (sincedb_path) and it has worked since day one. > > -- > Ivan > -- You received this message because you are subscribed to the Google Groups "elasticsearch" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/9f1433e1-748e-4a20-980f-5112a1f965fa%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
