Thanks once more Chris.
Even with that setting I was still getting duplicated entries, in the end the only way I was able to resolve this to only have one event reported was to add the following fingerprint processor
- module: kubernetes
I am not sure this is the best approach, but its feasible and does not seem to have bad side effects. I just want to store the kubectl events in a compact way for auditing.
I leave this here, but let me know if there is a better solution.