'exec' only once

Hi -- I'm sure this is simple but I can't figure it out.

my configuration:
Input: ES query
Filter: cipher
Output: File, exec cmd

So I query Elasticsearch and want to write those events to a single local file. That part is working.

However, the 'exec' statement (which uses the AWS S3 cp command to copy the file to a bucket) is called many times (I'm guessing once for each ES document?). How can I configure this so 'exec' is only executed one time, after the file output has been completed?

Thanks.

PS - I could not get the S3 Output plugin to work (it worked with stdin, but not with ES as input).

There is no "done" concept in Logstash. Events are assumed to be part of an eternal stream. Each event is sent to every output and with the stock plugins there's no way to do what you want inside Logstash.