Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Delete logs after consumption: logstash

Tags:

logging

logstash

logstash-file

I have logstash watching a directory on the host. Every time it sees a log that matches the path I specified in the logstash config it starts to import the data into my elasticsearch cluster. Does logstash have a way to delete the log after it is done consuming it?

i want to write script to delete the logs that logstash already done with but how should i know which logs he done with ?

maybe u guys done this before or have an idea how to implement this?

like image 360
tomer Avatar asked Jun 10 '15 14:06

tomer

People also ask

Where are logs stored in Logstash?

The default location is /var/log/elasticsearch,/var/log/logstash, /var/log/kibana. But again they can be define to go where ever via the /etc/sysconfig/(logstash,elasticsearch,kibana) configs.

How do I check Logstash logs?

Logstash Logging In this case, the first place you need to check is the Logstash logs (Linux: /var/log/logstash/logstash-plain. log). Here, you might find the root cause of your error. Another common way of debugging Logstash is by printing events to stdout.

Can Filebeat Delete Logs?

Filebeat does not have the capabilities to handle deleting files from a host's filesystem after they have been processed. The best option is to use a cron job or scheduled task on your OS to delete them after a safe period of time.

1 Answers

Logstash is currently not able to delete files. The focus of the file input plugin is to continuously monitor files but there's no way of knowing when the file is done, i.e. when no more writes will take place.

If you know when the files are "done" you could invoke Logstash and feed the files via the stdin input plugin. Logstash will terminate upon receiving end-of-file and then your script could delete the file.

You could also read the sincedb files and compare Logstash's current file offset with the size of the corresponding file. See Understanding sincedb files from Logstash file input for details on the format of the sincedb files.

Or you could just make sure you have enough disk space and use regular log rotation to delete files based on e.g. age. Disk space is probably cheaper than your time.

like image 90
Magnus Bäck Avatar answered Oct 12 '22 16:10

Magnus Bäck
Sign in to Comment

Related questions

Where does system.out.println print from a JSP?
How do I configure logging for a grails plugin?
Logback, set max history files per day
Disable console printing in Log4js
Access Properties Defined in Logback programmatically
How to inject logger using Google Guice
Logging to specific error log file in scrapy
get list of named loglevels
Turn off debug or log messages in log4j.xml
How to implement auto archiving for log file using Log4Net
Gradle Logging Output Levels
logging verbosity mysql 5.7
How to programmatically setup slf4j logger with SLF4JBridgeHandler
Laravel log max file is not working
How to correlate log events in distributed Vertx system
Why use multiple arguments to log instead of interpolation?
print `this` variable in android
how to write to kiwi syslog server log c#
log4net: different logs on different file appenders at runtime
Why "Failed to define class" WARN from server startup?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!