我想只将新创建的日志从 logstash-forwarder 转发到 logstash服务器 我有一个 logstash-forwarder.conf 文件
{
"network": {
"servers": [ "X.X.X.X:5001" ],
"ssl certificate": "/etc/ssl/certs/logstash-forwarder.crt",
"ssl key": "/etc/ssl/private/logstash-forwarder.key",
"ssl ca": "/etc/ssl/certs/logstash-forwarder.crt",
"timeout": 300
},
# The list of files configurations
"files": [
{
"paths": [ "/home/user/Programs/zookeeperlog.log" ],
"fields": { "logtype": "zookeeper-log", "type": "logs" }
},
{
"paths": [ "/var/log/syslog" ],
"fields": { "logtype": "kafka-log", "type": "logs" }
},
{
"paths": [ "/var/log/syslog" ],
"fields": { "logtype": "storm-log", "type": "logs" }
}
]
}
我想知道是否有类似“start_position => end”的选项可添加到此配置文件中。 我还尝试在运行logstash-forwarder时使用-tail = true。它需要快照,但收获似乎不是注册商事件。它仅在没有-tail命令行选项的情况下注册事件,或者在给出-tail = false时注册事件,从而开始转发所有日志。