Hello,
I've been experiencing an issue where Kibana's monitoring is generating duplicate documents for both 'down' and 'recovery' statuses across all hosts. Below, I have provided the configuration of the rule and additional details. Currently, I am on Kibana version 8.11.4, but this issue has been occurring since version 8.7.0. I'm uncertain if this is a configuration error or a bug in Kibana.
There have been no changes made to Kibana's configuration during this period. The only significant change was relocating the Heartbeat module to a new server location. I do not observe any duplicate documents in the Heartbeat index itself. I'm at a loss as to where to look for a solution and would greatly appreciate any help.
I will attach screenshots of the configurations in Kibana and Heartbeat, as well as the indexed documents from Heartbeat and the monitoring alerts to provide further context.
DOCUMENTS INDEXED BY KIBANA ALERT RULE
RULE CONFIGURATION
HEARTBEAT CONFIG
- type: icmp
  id: PolXXX.254
  name: PolXXX.254
  hosts: ["XXX.254"]
  enabled: true
  schedule: "@every 15s"
  ipv4: true
  ipv6: false
  mode: any
  timeout: 2s
  wait: 5s
  tags: ["poXXX", "network", "availability"]
  fields_under_root: true
  fields: {host.ip: "XXX.254", host.bo: "PolXXX", "host.hostname": "PolXXX.254"}
Thank you in advance for any assistance or insights you can provide.