Drop previous csv lines if field value already exists

Micah_Barsness · January 10, 2022, 8:52pm

I'd like to know if there is a way to drop/overwrite previous csv documents if a field value already exists.

In my screenshot above globalCallID is what I want to match on.

Take globalCallID_callID number 263504...

That document would only exist in Elasticsearch as:

Micah_Barsness · January 10, 2022, 8:55pm

Would it be possible to do something similar to this? Logstash - how to overwrite document instead of creating new ones

output {
    elasticsearch {
        host => 'your es host'
        action => 'update'
        document_id => "%{[globalCallID_callId]}"
        index => 'your index name
    }
}

system · February 7, 2022, 8:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Append field if document_id already exists Logstash	1	489	March 20, 2018
Logstash Update or Insert - logic for updating if existing Logstash	4	14376	April 13, 2017
How not to overwrite duplicates? save old documents Logstash	3	808	July 23, 2020
Field value should not be updated if document already exists Logstash	2	840	June 27, 2017
Drop documents if certain field values are the same as the previous document Logstash	3	423	January 2, 2018

Drop previous csv lines if field value already exists

Related topics