我搭建的日志分析系統(tǒng)，用filebeat作為輸入直接輸入到es中，中間沒有l(wèi)ogstash。發(fā)現(xiàn)有個問題，監(jiān)聽的某個文件只要有修改就會把該文件所有數(shù)據(jù)輸入到es中，早晨會有數(shù)據(jù)重復。請問這個問題怎么解決。我的filebeat配置文件如下：

filebeat.prospectors:

- type: log
  enabled: true
  json.keys_under_root: true
  json.overwrite_keys: true
  json.message_key: log
  tail_files: true
  harvester_buffer_size: 16384
  backoff: "1s"
  document_type: "car"
  paths:
    - /usr/local/elasticsearch/logs/*.log

#============================= Filebeat modules ===============================
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
#==================== Elasticsearch template setting ==========================

setup.template.pattern: "filebeat-%{[beat.version]}-*"
setup.template.name: "filebeat-%{[beat.version]}"
setup.template.settings:
  index.number_of_shards: 3

output.elasticsearch:
  hosts: ["192.168.220.111:9200"]
  index: "filebeat-car-%{+yyyy.MM.dd}"


processors:
 - decode_json_fields:
     fields: ["message"]
     process_array: false
     max_depth: 1
     target: ""
     overwrite_keys: false

json.keys_under_root: true
json.overwrite_keys: true

還望大神解答！