'exec' only once

Jonathan_Johnson · September 9, 2015, 3:53pm

Hi -- I'm sure this is simple but I can't figure it out.

my configuration:
Input: ES query
Filter: cipher
Output: File, exec cmd

So I query Elasticsearch and want to write those events to a single local file. That part is working.

However, the 'exec' statement (which uses the AWS S3 cp command to copy the file to a bucket) is called many times (I'm guessing once for each ES document?). How can I configure this so 'exec' is only executed one time, after the file output has been completed?

Thanks.

PS - I could not get the S3 Output plugin to work (it worked with stdin, but not with ES as input).

magnusbaeck · September 9, 2015, 5:31pm

There is no "done" concept in Logstash. Events are assumed to be part of an eternal stream. Each event is sent to every output and with the stock plugins there's no way to do what you want inside Logstash.

Topic		Replies	Views
Logstash output exec executed only once Logstash	3	675	August 16, 2018
BUG: Logstash Elasticsearch output plugin writes to one index Logstash	3	515	October 14, 2019
Logstash input exec Logstash	2	697	July 6, 2017
Logstash output not working when using logstash-s3-plugin Logstash	4	1117	October 20, 2017
How do I know/or make sure that elastic search does not add same log file twice? Logstash	3	851	July 6, 2017

'exec' only once

Related topics