i set a base of 20000 lines which ones are visualized correctly on kibana
when i add 1 line
elastic read again all the lines then on kibana there are 40001 lines and of course it is not what i expected.
why and how to avoid that behavior ?
More details, please. How are you feeding ES with the data?
copy past the line
and add it on xml file ...saved
in // file on notepad ++ is updated with the new line
it is red by elastic using a logstach.bat
When you append the line with Notepad++ it actually writes a new file and deletes the old one (while keeping the old file's name). This confuses Logstash. Append the new line with e.g.
echo new line >> logfile instead.