0

i have fleet server and iis integration on my elk stack. Elastic agent on the iis server ships "../Logfiles/..log" files to elasticsearch but it sends all log files on that folder(est. there are 2 years logs) I just want to send last 3 months logs. How can i set that? i'm actually looking for ignore_older option.

ps: there are seperate log files for every day.

update: ignore_older is available in updated version of iis integration.

tazemeta
  • 1
  • 1
  • Hi Tazemate, yes the `ignore_older` is the setting you need. So I am not sure what your question is ? – Paulo Sep 29 '22 at 09:25
  • 1
    As far as i know, `ignore_older` option is not avilable for IIS integration in fleet. You can move your older files to the seperate folder or you can specify only file name which need to crawl in `Paths` for crwaling that files only. – Sagar Patel Sep 29 '22 at 09:40
  • Indeed it is a shame, as explained [here](https://www.elastic.co/guide/en/fleet/current/beats-agent-comparison.html#supported-configurations) it is not possible, > Input setting overrides -> Not configurable. Set to default values. – Paulo Sep 29 '22 at 10:05
  • thank you so much guys. i think i move forward to change my settings to "../Logfiles/.2022*.log and change it periodically – tazemeta Sep 29 '22 at 11:06

0 Answers0