ELK Stack - How do I backfill all old logs into elasticsearch?

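I have set up ELK + filebeat and logs are coming in, but I want to backfill all of my old logs into the log store. How do I do that? People have mentioned deleting the sincedb file and/or adding this to my logstash input.conf: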

  file {
      path => "/var/log/xx/xx.log"
      start_position => "beginning"
      sincedb_path => "/dev/null"
  }

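But I added it to my input config and restarted logstash, and I still don't see the old logs in Kibana. I also can't find the sincedb_* files that everyone refers to. My ELK node is a RHEL server.

Thanks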

If the files are old, it is best to also add this to the configuration:

  file {
      path => "/var/log/ptsfd-mms/ptsfd-mms.log"
      start_position => "beginning"
      sincedb_path => "/dev/null"
      ignore_older => 0
  }

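Hi Val, thanks for the feedback. Adding that parameter to my config and restarting logstash and filebeat did not backfill my logs into Kibana.

Can you start logstash with --debug and share your logs?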