Drop previous csv lines if field value already exists

Micah_Barsness · January 10, 2022, 8:52pm

I'd like to know if there is a way to drop/overwrite previous csv documents if a field value already exists.

In my screenshot above globalCallID is what I want to match on.

Take globalCallID_callID number 263504...

That document would only exist in Elasticsearch as:

Micah_Barsness · January 10, 2022, 8:55pm

Would it be possible to do something similar to this? Logstash - how to overwrite document instead of creating new ones

output {
    elasticsearch {
        host => 'your es host'
        action => 'update'
        document_id => "%{[globalCallID_callId]}"
        index => 'your index name
    }
}

Topic		Replies	Views
Logstash - update CSV content changes into ES Logstash	9	1419	May 8, 2019
How not to overwrite duplicates? save old documents Logstash	3	923	July 23, 2020
Prevent the loss of existing fields while using document_id of elasticsearch output plugin Logstash	3	340	May 7, 2020
Update existing document Logstash	3	235	June 9, 2022
Updating existing fields with new data pulled from .csv Elasticsearch	1	1017	October 15, 2017

Drop previous csv lines if field value already exists

Related topics