Clone plugin clone - how to use?

vaclav1 · November 30, 2020, 7:44am

Hello,

I tried to use clone plugin to get a single copy of the event.
However, it did not work. Version of our elastic stack - 7.9.2.
I have ids which are stored in one field - I use split on them and then I drop this field not to take so much space as in prod there are batches with 1000 records, but the target is to have one event (original) persisted and saved to have this batch once stored.

Here is a piece of my pipeline:

if [geimp][importResult][fail] {
                # Generate hashBatchId
                fingerprint {
                    method => "SHA1"
                    base64encode => true
                    source => [ "[geimp][importResult][fail]" ]
                    target => "[geimp][batchFingerprint]"
                }

                # Clone event to save the batch before message gets deleted
                clone {
                    clones => [ "clonedEvent" ]
                }

                # Split events
                split {
                    field => "[geimp][importResult][fail]"
                    target => "[geimp][importResult][fail]"
                    terminator => ", "
                }
                mutate {
                    remove_field => [ "[geimp][message]" ]
                }
            }

system · December 28, 2020, 7:44am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is it possible to access cloned event to add some more fields to it later on Logstash	2	305	October 1, 2020
Clone plugin documentation wrong or a bug? Logstash	6	1302	September 27, 2018
Splitting an event into multiple documents Logstash	5	4022	January 31, 2018
Logstash clone filter use event field as clones parameter Logstash	2	529	July 6, 2021
Help with Split Filter Logstash	4	227	July 6, 2021

Clone plugin clone - how to use?

Related Topics