Count of Deduplicated Messages from Logstash in Elasticsearch


(Rahul Nadella) #1

Currently using Elasticsearch 2.1.1, Logstash 2.1.1, and Filebeat 1.0.

I have implemented the document_id and am wondering if it is possible to keep track of the count of these records.

I am planning on having another index that only has IP addresses, as an hourly index, and would rather keep track of the count than duplicate the same record. This way my index would have far fewer documents in it over the customer-given time period.

