Duplicate Events captured in Indexes

Sameer_Panicker · May 24, 2017, 6:12am

I have 2 indexes named MyIndex1 and MyIndex2.

I have 2 different conf files targeting multiple paths. Both conf has different paths completely. These conf at the end has individual index names. The only common thing is that both the conf files are present under a single folder named Configurations.
I have used logstash -f Configurations as the command line to use all the conf's present under the folder.
The problem which I am seeing here is that, events from these paths are captured successfully...but it is present in both the indexes.

Am I missing something or made a mistake ?

Nico-DF · May 24, 2017, 6:53am

When you have several conf files, logstash marges them and consider it as a unique conf file. So if your output only changes according to the file (and not other filter), then it's normal.

What you can do is, if for example, input is file type, to add a different tag in the input and then filter the output index accordingly to the tag

Sameer_Panicker · May 26, 2017, 2:49pm

I have now added the type field as a IF check, to capture things in appropriate indexes. Thanks !!!

system · June 23, 2017, 2:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Separate configs, different indexes yet both logs go to both indexes Logstash	2	536	October 30, 2017
Duplicate entries for same data in multiple indices Logstash	3	1332	March 28, 2018
2 conf sending data to the same index Logstash	8	341	June 17, 2023
Are Logstash conf files combined in some way? Logstash	5	369	May 14, 2019
Multiple Logstash conf files with the same Index Logstash	1	1015	July 25, 2017

Duplicate Events captured in Indexes

Related topics