
BACKGROUND:

We have rsyslog creating log file directories like /var/log/rsyslog/SERVER-NAME/LOG-DATE/LOG-FILE-NAME, so multiple servers are spilling out their logs of different dates to a central location.

Now, to read these logs and store them in Elasticsearch for analysis, I have my Logstash config file something like this:

input {
  file {
    path => "/var/log/rsyslog/**/*.log"
  }
}

ISSUE:

Now we want to read log files after a particular date. E.g. if the directory /var/log/rsyslog contains logs of April, May and June 2015 and I want to read all logs after a particular date, say > 15.05.2015.

Can this be achieved using the Logstash file input?

EDIT: After reading more, I guess it cannot be achieved using the file input; instead I can use the drop filter to drop logs after a date.

Regex to drop where date > 15.05.2015? How to achieve this using a regex?

Siddharth Trikha

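A regex can match the shape of a date but cannot express "date > 15.05.2015"; that needs the date parsed and compared, which is what a Logstash `ruby` filter, or a `date` filter followed by a conditional `drop`, does per event. The following is an added example in plain Ruby, not code from the question or from Logstash, showing that per-event logic with its edge cases (time zones, unparsable lines). It assumes the files were written with rsyslog's default RSYSLOG_FileFormat (RFC 3339 timestamp first); the sample lines are constructed.

```ruby
require 'date'
require 'time'

# Cutoff from the question, "after 15.05.2015" (dd.mm.yyyy): 16 May 2015 onward is kept.
CUTOFF = Date.strptime('15.05.2015', '%d.%m.%Y')

# Assumption: files were written with rsyslog's default RSYSLOG_FileFormat, so each line
# starts with an RFC 3339 timestamp, then the host, then the message.
LINE_RE = /\A(?<ts>\d{4}-\d{2}-\d{2}T\S+)\s+(?<host>\S+)\s+(?<msg>.*)\z/

# Parse one line into an event hash; nil if it does not match the format.
# Dates are compared in UTC (how Elasticsearch stores @timestamp): a line stamped
# 2015-05-16T00:30:00+02:00 is still 15 May in UTC and falls below the cutoff.
def parse_line(line)
  m = LINE_RE.match(line)
  return nil unless m
  { date: Time.iso8601(m[:ts]).utc.to_date, host: m[:host], msg: m[:msg] }
rescue ArgumentError
  nil
end

# Verdict for one line: :drop (on or before the cutoff), :keep (after it), :unparsed.
# Unparsed lines are kept, not dropped, so a format change on one server does not
# silently remove its events from the index; they are counted so the gap is visible.
def classify(line, cutoff = CUTOFF)
  ev = parse_line(line)
  return :unparsed if ev.nil?
  ev[:date] <= cutoff ? :drop : :keep
end

# Apply the verdict to a batch, as a filter stage would per event.
# Returns [kept_lines, stats], stats being a count per verdict.
def filter_after(lines, cutoff = CUTOFF)
  stats = Hash.new(0)
  kept = lines.select do |line|
    verdict = classify(line, cutoff)
    stats[verdict] += 1
    verdict != :drop
  end
  [kept, stats]
end

# Constructed sample lines in the assumed format (not real logs).
LOG_SAMPLE = [
  '2015-04-30T08:00:00.000000+02:00 web01 sshd[1042]: Accepted publickey for deploy from 10.0.0.5',
  '2015-05-15T23:59:59.000000+00:00 web01 sshd[1101]: Failed password for invalid user test from 203.0.113.9',
  '2015-05-16T00:00:01.000000+00:00 db01 sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart postgresql',
  '2015-06-02T12:15:30.000000+00:00 web02 kernel: audit: type=1400 apparmor="DENIED" profile="nginx"',
  'this line has no timestamp and must not be silently lost',
]
```

`filter_after(LOG_SAMPLE)` keeps three of the five lines: the two dated after the cutoff plus the unparsed one, which is reported in the stats rather than lost.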