input {
  file{
    path => ["c:/logstash/test/*"]
	codec => plain {
                    charset => "ISO-8859-1"
            }
  }
}
filter {
  grok {
    match => ["path","%{GREEDYDATA}/%{GREEDYDATA:filename}"]
  }
  if [message] =~ /Protokollstart/ {
	aggregate {
       task_id => "%{filename}"
       code => "map['gefunden'] = 0"
       map_action => "create"
     }
  } else if [message] =~ /Protokollende/ {
	aggregate {
       task_id => "%{filename}"
       code => "event.set('gefunden', map['gefunden'])"
       map_action => "update"
       end_of_task => true
       timeout => 120
     }
  } else if [message] =~ "findmich"{
	aggregate {
       task_id => "%{filename}"
       code => "map['gefunden'] += 1"
       map_action => "update"
     }
	 drop { }
  } else {
	 drop { }
  }
}
output {
 file {
   path => ["c:/logstash/log.txt"]
 }
}