Logstash pipeline output | duplicate messages ending up indexes

Badger · September 17, 2019, 11:13pm

If the two configurations are completely separate from input to output I would strongly suggest using multiple pipelines. If there is overlap, or you are stuck on an old version then you can use something like

add_field => { inputTopic => "events" }

(with two different value for inputTopic) on the inputs to distinguish them, then use

output {
    if [inputTopic] == "events" {
        elasticsearch {
             ...
        }
    }
}

to send them to different end-points.

Even better, since you are using a kafka input, you can have the input decorate the metadata with the topic name and then make the output configuration conditional upon that.

Topic		Replies	Views
One kafka topic data is pushing to all elasticsearh Logstash	2	313	November 12, 2019
Multiple kafka topics using logstash and make index inside output with `.conf` file Logstash	3	274	February 27, 2024
How to send same data to multiple elastic clusters with logstash output Logstash	5	1626	November 29, 2019
Logstash multiple pipelines going into same index Logstash	3	2336	May 13, 2018
Logstash is sending logs to all output index configured in all conf's in pipeline Logstash windows	2	359	June 30, 2020

Logstash pipeline output | duplicate messages ending up indexes

Related topics