Hello, I have SIEM-like logs (with a unique identifier field) in a log flow (two or more logs, in every update/log there's extra info or updaded info). I need to preserve the last log or aggregate all the logs into one with only the non-repeated info or new fields. How can I do this? I know there's …

Aggregate similar Logs

Badger April 19, 2022, 4:53pm 2

You might be able to use an aggregate filter. Another option might be to have logstash output a text file that you can curl into the Elasticsearch _bulk API.

Topic		Replies	Views
Merging multiple logstash output document into one by a common field Logstash	1	434	January 20, 2019
Logstash Aggregate filter inside Elasticsearch Elasticsearch	1	151	January 6, 2023
Logstash aggregate/mutate Logstash	5	1147	July 18, 2020
Aggregate filter Logstash	1	888	October 24, 2017
Aggregate filter dilemma Logstash	5	333	January 23, 2021

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Aggregate similar Logs

Related topics