Hello all 
I'm working with Logstash 2.3.4 and I'm facing a strange problem regarding the behaviour of the input feature.
Here's the situation :
I work with a very simple input configuration :
input {
file {
path => "/var/log/*/logs"
start_position => "beginning"
ignore_older => 0 # Also take existing older files
sincedb_path => "/opt/logstash/conf/since.txt"
}
}
Under /var/log, I have 2 objects for each application : one folder and one symbolic link pointing to that folder, say :
the folder /var/log/appli1/ and the symlink /var/log/appli1_ln/ pointing to /var/log/appli1/
Under /var/log/appli1/ is located the log file I want to parse ( /var/log/appli1/logs)
As an output, logstash processes the entire file for each single line added to /var/log/appli1/logs, if i delete the symlink, logstash goes back to a normal behaviour and outputs a single line for each new line added to the log.
Could you please help, I cannot remove the symbolic links as they are part of the implementation of my work infrastructure.
Thank you.