Field with duplicate values, keep only one

victor.nilsson · November 13, 2019, 1:11pm

Hi,

We're parsing logs with the GROK filter and have set the option "brean_on_match" to false. This allows us to be absolutely sure that we don't miss a field but at the same time allows for multiple matches in a single message. That will then result in duplicate values for certain fields, for example:

SrcIP: 192.168.1.234, 192.168.1.234

Is there a way we can check if there are multiple values in a field and only keep the first one?

system · December 11, 2019, 1:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Remove duplicate field value Logstash	4	1045	December 8, 2017
Accidentally Getting duplicate values in field Logstash	2	985	March 1, 2019
Logstash create value based on duplicate field Logstash	6	388	November 5, 2020
Grok add_field creates two values Logstash	2	5824	July 6, 2017
Duplicate data showing in interesting fields Logstash	2	789	November 28, 2017

Field with duplicate values, keep only one

Related topics