Log lines appearing twice

Eva · August 2, 2019, 12:22pm

Hello

I'm shipping json logs to Logstash and have used below config:

input {

beats {
port => 5044
}
beats {
port => 5045

}
}
filter{
if ([fields][app] == "abc") {
json {
source => "message"
}
split {
field => "message"
}
}
}
output {
elasticsearch {
hosts => "localhost:9200"
}
}

=======================
This is resulting in log lines to be appearing twice. Can someone please help me. I have tried few things that did not work out, like using mutate to remove the message field.

Thanks

Badger · August 2, 2019, 1:41pm

You are using a split filter, so you should expect multiple events for each input line. What does the input event look like?

Eva · August 2, 2019, 1:54pm

Input is log lines in json format. Is the filter incorrect?

Eva · August 5, 2019, 6:31am

Can I please get an answer on how to fix this please

Eva · August 7, 2019, 5:02am

I have removed the split filter but still see multiple lines. Can someone please help me with a fix for this.

system · September 4, 2019, 5:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.