Can't follow starting from a particular time of day
Opened this issue · 0 comments
This is documented behaviour but seems to leave an important use case unsupported:
There seems to be no way to follow (tail) logs, skipping over a certain time period, because say you had a million errors from some bug and you can't/don't want to tail through all those:
-
Trigger a lot of logs somehow
-
Stop triggering lots of logs
-
elktail --url elasticsearch.example.com -f '%@timestamp %@message' -- '+@message:"error"'
-> All the errors (for today's date, I guess?) are printed -
elktail --url elasticsearch.example.com -a '2017-04-20T11:20:00' -f '%@timestamp %@message' -- '+@message:"error"'
Expect:
-> elktail does not print all the errors
-> elktail tails forever
Got:
-> elktail does not print all the errors
-> elktail exits
So it would be nice if when there's an -a (but no -b), elktail could tail (either always or when an extra flag is given).