I am able to see that there are two documents from the same report in a span of 30 seconds. How can I get the latest or unique record at that particular time stamp?
Is the second column the _id field? Elasticsearch shouldn't allow documents with duplicate IDs.
Hello @Bargs. Thank you for the reply. Yes, the second column is the id. But the thing is we are getting the same report twice in a span of 30 seconds. How can I filter the double events?
Are you using _routing when indexing documents? That's the only way I can think of to get duplicate document IDs. If so, showing these "duplicates" is actually by design: https://github.com/elastic/kibana/pull/38873.