I'm a beginner to Logstash. I have created multiple documents based on some grok pattern for a particular log event.
Now, before passing documents to Elasticsearch, I want to merge those documents having a common field into a single document. I'm not sure if I can do this using the aggregate filter.
So either I can combine similar log events into a single log or I can merge similar output documents into one document.
Which is better, and how can I achieve this?