Problem using Elasticsearch input module

Frippen · June 4, 2020, 5:50am

I'm trying to use the elasticsearch input module to read an index and save it as an json-file on a share. My problem is that it never stop getting data until the disk is full.

I have an index and Kibana says its about 50Gb but when I stop my logstash-process the file is 1Tb and I can se that it have read the same records many times. How can I limit the module to read the index only once?

Here is my conf in logstash

input {
    elasticsearch {
        hosts => ["myhost"]
        user => "elastic"
        password => "password"
        ca_file => "cert"
        index => "winlogbeat-7.5.0-new-2020.01.01"
        size => 500
        scroll => "5m"
        ssl => true
    }
}

Best regards
Fredrik

system · July 2, 2020, 5:50am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash with elasticsearch input and output keep looping results forever Logstash	3	886	March 22, 2019
Logstash read new data in elasticsearch as input? Logstash	8	2495	July 6, 2017
How to use elasticsearch input plugin in logstash to get more than 10000 results from ES Logstash	11	4198	July 4, 2018
Logstash elasticsearch input plugin query size not working Logstash	1	588	June 29, 2020
Read mode input plugin and sincedb Logstash	1	383	March 24, 2020

Problem using Elasticsearch input module

Related topics