Elasticsearch to Elasticsearch duplicating messages

JeremyinNC · March 14, 2017, 12:18pm

Using ES 2.4.4 and Logstash 2.4.1 with the following config logstash appears to "loop" though the query results, ending up with the same documents being written over and over. Can someone help me figure out what I'm doing wrong?

input {
   elasticsearch {
   hosts => "es-analytics-int.dev.company.com"
   index => "logstash-event-*"
   size => 100
  query => '{"query":{"range":{"timestamp":{"gte":"2017-02-10T00:00:00.000Z","lte":"2017-03- 12T23:59:59.999Z"}}}}'
}}

filter {
  mutate {
    remove_field => [ "@timestamp" ]
    remove_field => [ "@version" ]
  }
date {
    locale => en
    match => [ "sentTimestamp" , "dd/MMM/yyyy:HH:mm:ss Z" , "yyyy-MM-dd HH:mm:ss,SSS" , "yyy-MM-dd HH:mm:ss,SSSZ" , "ISO8601" ]
    }

}
output {
        elasticsearch {
          hosts => "127.0.0.1"
         index => "logstash-%{type}-%{+YYYY.MM}"
      }
  }

system · April 11, 2017, 12:18pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch input on logstash duplicating documents Logstash	1	291	October 20, 2020
Logstash elasticsearch input plugin logs duplication Logstash	4	764	September 13, 2018
Duplicate entries in elastic for the same message Logstash	4	528	April 13, 2023
Duplicating message parts in Elastic dashboard Logstash	3	296	November 27, 2019
Fields repeating same values Elasticsearch	6	650	December 4, 2018

Elasticsearch to Elasticsearch duplicating messages

Related topics