elktail icon indicating copy to clipboard operation
elktail copied to clipboard

Published 20 hours ago verified publisher icon knes1

Can't follow starting from a particular time of day

Open jlee-made opened this issue 7 years ago • 0 comments

This is documented behaviour but seems to leave an important use case unsupported:

There seems to be no way to follow (tail) logs, skipping over a certain time period, because say you had a million errors from some bug and you can't/don't want to tail through all those:

  • Trigger a lot of logs somehow

  • Stop triggering lots of logs

  • elktail --url elasticsearch.example.com -f '%@timestamp %@message' -- '+@message:"error"' -> All the errors (for today's date, I guess?) are printed

  • elktail --url elasticsearch.example.com -a '2017-04-20T11:20:00' -f '%@timestamp %@message' -- '+@message:"error"' Expect: -> elktail does not print all the errors -> elktail tails forever Got: -> elktail does not print all the errors -> elktail exits

So it would be nice if when there's an -a (but no -b), elktail could tail (either always or when an extra flag is given).

jlee-made avatar Apr 20 '17 10:04 jlee-made