Logstash - Removing duplicity from array

vasek · April 2, 2020, 7:12am

Hello,
I would like to share the experience with removing duplicity from array in Logstash.

I used this approach before:
I was checking whether value was already being present in array.

  if ( [host][name] and ([host][name] not in [host][address])) {
    mutate {
      add_field => { "[host][address]" => "%{[host][name]}" }
    }
  }

  if ( [agent][hostname] and ([agent][hostname] not in [host][address])) {
    mutate {
      add_field => { "[host][address]" => "%{[agent][hostname]}" }
    }
  }

With ruby we can remove duplicity by uniq function very easily.
We can remove checks for testing presence of some value in array,

  if ( [host][name] ) {
    mutate {
      merge => { "[host][address]" => "[host][name]" }
    }
  }

  if ( [agent][hostname] ) {
    mutate {
      merge => { "[host][address]" => "[agent][hostname]" }
    }
 } 

ruby {
    code => "

       array = event.get('[host][address]')
       is_array = array.kind_of?(Array)

       if is_array
         event.set('[host][address]', event.get('[host][address]').uniq)
       end

     "
  }

I hope it will save you some time.

system · April 30, 2020, 7:16am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Remove duplicates in a logstash array Logstash	3	3143	May 24, 2018
Logshash filter plugin ruby code to remove duplicates from a json array of json address objects Logstash	2	22	July 22, 2024
Removing item from array based on string value from another field Logstash	7	719	August 6, 2021
How to remove duplicate values in logstash Logstash	2	1596	September 3, 2019
Any sane way to filter/remove fields in an array such as [0], [1]? Logstash	1	238	August 5, 2021

Logstash - Removing duplicity from array

Related topics