Logstash 7.0.0 stops collecting logs after file rollover

Time: 2019-04-19 10:47:56

Tags: logstash logstash-file

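After upgrading Logstash to 7.0.0, it stops collecting logs when the files roll over after midnight. Before the upgrade, everything worked fine. To force it to pick up the new files, I need to restart it.

Since I am using tail mode, it should work (the documentation says: When files are rotated, the smaller or zero size is detected, the current position is reset to zero and streaming continues.), but it actually doesn't.

Here is my configuration: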

input {
    file {
        codec => multiline {
            charset => "UTF-8"
            pattern => "^%{TIMESTAMP_ISO8601} "
            max_lines => 2000
            negate => true
            what => previous
        }
        path => "[path].log"
        start_position => beginning
        sincedb_path => "NUL"
    }
}

filter {
    grok {
        match => {"path" => "%{GREEDYDATA}/%{GREEDYDATA:application}"}
    }
    grok {
        match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} \[%{DATA:thread}\] (?<level>.....) %{DATA:logger} - %{GREEDYDATA:message}" }
        overwrite => [ "message" ]
    }
    date {
        match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS"]
        target => "@timestamp"
    }
}

output {
    elasticsearch {
        hosts => [ "[host]" ]
        user => "[user]"
        password => "[somepass]"
    }
    stdout { 
        codec => rubydebug
    }
}

Any clues on how to solve this?

0 answers:

No answers