ElasticSearch - Logstash multiple messages


(deseint) #1

Hello,
I'm new to Logstash. I inserted several files (doc and pdf format) into ES via Logstash and it went well, but I'm disappointed by the field whose name is message (filled with the content of my file).
In fact, each file is divided into 2 or 3 messages in ElasticSearch. And when I do a count in ES, of course it doesn't give me the right information...
See my configuration file for Logstash:
input {
  file {
    path => "D:/BaseCV/*"
    codec => multiline {
      pattern => ""
      what => "next"
    }
  }
}
filter {
  mutate { add_field => { "[metadata][nom]" => "nom" } }
  mutate { add_field => { "[metadata][prenom]" => "prenom" } }
  mutate { add_field => { "[metadata][date]" => "dd/MMM/YYYY HH:mm:ss" } }
}
output {
  stdout { codec => rubydebug { metadata => true } }
  elasticsearch {
    hosts => "localhost"
    index => "cvindex"
    document_type => "file"
  }
}
Please, how can I ameliorate this file.conf in order to always have 1 message per file?


(Amit) #2

I am also facing the same issue. Please let me know if you have resolved this.

