My Logstash output (elasticsearch) plugin is configured to update documents. Everything works well, but when a document is updated, the time field in the discovery view doesn't update automatically (I have set the auto-refresh option in the Kibana view). The new time value appears after reloading the saved search or a manual page reload. In the table view the timestamp is updated, but not in the main view.
First event:
Second event which should deduplicate but with time update
My logstash config:
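input {
  file {
    path => "/xxx/xx/log/xxx.log"
    codec => json
    stat_interval => 0
  }
}
filter {
  # ......
  # fingerprint is a filter plugin, so it must sit inside the filter block
  fingerprint {
    source => ["field1", "field2", "field3", "field4"]
    # stored under @metadata so the id is not indexed as a document field
    target => "[@metadata][generated_id]"
    key => "my-key"
  }
}
output {
  stdout {
    codec => rubydebug { metadata => true }
  }
  elasticsearch {
    host => localhost
    action => "update"
    protocol => "http"
    # same fingerprint => same document id, so repeated events update one document
    document_id => "%{[@metadata][generated_id]}"
    doc_as_upsert => true
  }
}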
I'm an ELK beginner. Could you help me work out whether this is an issue with my Logstash config or a Kibana issue?
Kibana: 4.1.2
ES: 1.7.1
Logstash: 1.5.4