I am using Filebeat to bring database information into Elasticsearch.
In some instances the existing table data (that has already been imported into Elasticsearch) is updated.
How can I use Filebeat to update this data within Elasticsearch?
Hello, @garry we call this deduplication, what you need to do is to have a unique id in the log and use that id as the document id in Elasticsearch. If you don't have an id, you can rely to fingerprinter to generate a unique hash for you and use that as the ID of the document. But in the later case you will need to use something like this https://www.elastic.co/blog/logstash-lessons-handling-duplicates
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.