Hi Team,
There are few occasion where filebeat/auditbeat is indexing same log event or audit event twice in elasticsearch with different _id value.
Is this the expected behavior and is there any way to reduce duplication for the same?
Thanks,
Rohan
This topic was automatically closed after 21 days. New replies are no longer allowed.