I'm setting up Logstash for the nginx error log, and the output is Elasticsearch (ES)/Kibana. Reading the log from files works, but in ES, every timestamp is 15:00:00 UTC. (I'm Korean, and 15 UTC is midnight in Korea.) It seems that Logstash reads the log files all at once. (As you know, the nginx log file is recorded daily.)
I just want to get the log in real time. What is the problem?
I tried to fix that problem, so in the pipeline conf, the input file configuration is:
    file {
        path => "/home/<path>/<to>/nginx/logs/error.log.*"
        start_position => beginning
        sincedb_write_interval => 5
        discover_interval => 10  # discover new files
        stat_interval => 1       # how often to check files for changes
        sincedb_path => "/dev/null"
    }
but it is not working.