I'm trying to use the elasticsearch input module to read an index and save it as an json-file on a share. My problem is that it never stop getting data until the disk is full.
I have an index and Kibana says its about 50Gb but when I stop my logstash-process the file is 1Tb and I can se that it have read the same records many times. How can I limit the module to read the index only once?
Here is my conf in logstash
input {
elasticsearch {
hosts => ["myhost"]
user => "elastic"
password => "password"
ca_file => "cert"
index => "winlogbeat-7.5.0-new-2020.01.01"
size => 500
scroll => "5m"
ssl => true
}
}
Best regards
Fredrik