Make the elasticsearch-input return only one hit

Hi,

I'm trying to use Logstash to ingest just one hit from an Elasticsearch index.

This is my input configuration

input{
 elasticsearch{
     hosts=>["logmgrappa.risorse.int:9200","logmgrappb.risorse.int:9200","logmgrappc.risorse.int:9200","logmgrappd.risorse.int:9200"]
     index=>"index*"
     query=> '{"size":1,"query":{"query_string":{"query":"action: ERRORE* AND \"AddDocumentWithCategory\""}}}'
     size=>1
     schedule=> "* * * * *"
     ssl=>true
     ca_file=>"/path/to/cert.pem"
     user=>"***"
     password=>"***"
 }
}

But Logstash continue to return all the documents that match the query.

Can someone help me?

Thanks a lot.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.