Duplicate Events in filebeat/auditbeat

RohanKumbhar · October 10, 2017, 4:39am

Hi Team,

There are few occasion where filebeat/auditbeat is indexing same log event or audit event twice in elasticsearch with different _id value.

Is this the expected behavior and is there any way to reduce duplication for the same?

Thanks,
Rohan

system · October 31, 2017, 4:40am

This topic was automatically closed after 21 days. New replies are no longer allowed.

Topic		Replies	Views
Duplication in Filebeat to Elasticsearch data pushing Beats filebeat	5	701	December 28, 2017
Filebeat + elasticsearch make duplicates events Beats filebeat	20	3204	December 4, 2018
Duplicate events with filebeat -> logstash -> elasticsearch pipeline Logstash	6	2353	November 28, 2017
Duplicate events in filebeat + logstash + elasticsearch pipeline Logstash	2	1913	July 6, 2017
Duplicate Winlogbeat Events - (Logstash publishing events twice) Beats winlogbeat	15	4106	May 10, 2016