Problem with duplicate data in field

ahongyun · July 11, 2017, 7:56am

Hi all

I have an issue with the data that is passed into elasticsearch from logstash
below is my logstash config.

if [type] == "coreservices-fs" or "coreservices-net" {
grok {
match => { "message" => [
"^%{TIMESTAMP_ISO8601:Time} [%{DATA:Thread}] %{GREEDYDATA:Logger} : %{LOGLEVEL:Severity} - %{GREEDYDATA:KEYMessage}",
"Process with pid=%{NOTSPACE:PID} %{GREEDYDATA:Info}\nService stopped at %{GREEDYDATA:StopTime} by",
"Start time %{GREEDYDATA:StartTime} by" ] } }
grok {
match => { "source" => "/appdir/%{NOTSPACE:Env_Name}/logs/%{WORD:Server}.%{WORD}.%{WORD:NPID}" } } }

the data being seen on kibana are as follows:

as you can see, for several fields, the data is repeated multiple times.

I cant seem to figure out why.

Any help would be greatly appreciated.

Thank you

magnusbaeck · July 12, 2017, 7:21pm

Please show the full configuration. All files in /etc/logstash/conf.d.

if [type] == "coreservices-fs" or "coreservices-mxnet" {

This conditional expression doesn't mean what you think it means. See Logstash sending same message to multiple indexes in ES - #2 by magnusbaeck.

ahongyun · July 13, 2017, 1:10am

Perfect.

Thanks

This is great.

system · August 10, 2017, 1:11am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Duplicate data showing in interesting fields Logstash	2	789	November 28, 2017
Why is the value in the field on kibana repeated? Logstash	3	453	July 7, 2021
Duplicate data parsed by Logstash, which cause duplicate data in Elasticsearch index Logstash	5	1617	October 6, 2017
Elasticsearch huge amount of duplicate with logstash Logstash	1	161	July 15, 2024
Elasticsearch huge amount of duplicate with logstash Logstash	0	23	September 16, 2024

Problem with duplicate data in field

Related topics