Going to try my best to answer your questions by describing what I see happening. Hopefully my description helps you figure out what might need to be changed.
- Input: Runs every minute and grabbing documents where is_read field doesn't exist.
- Filter: Message field is converted to json. is_read is set to true
- Output: The document goes to standard out. The same document goes to email. The same document goes back to elasticsearch.
I'm not sure exactly the behavior you are going for, but as you can see each output module is independent of each other. Depending upon what you want to you can place conditionals around them.
Finally, you don't mention which version you are running but document_type for elasticsearch output is deprecated.