Redundancy for syslog

Hello,
I am trying to deploy a redundant solution where I have end devices logging over syslog to my logstash server. I already have a single logstash server running.
Is it possible to send the syslog logs to multiple logstash servers without receiving duplicate data in my elasticsearch? I want to do this so I have high availability and can restart one of the logstash machines.

If you use a fingerprint filter to hash the contents of the event then you can use the document_id option on the elasticsearch output to set the document id. A second copy of the document will then overwrite the first.

2 Likes
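A pipeline fragment showing the approach from the reply above, to be deployed identically on every Logstash server. This is an added example, not configuration posted in the thread. It assumes a plain udp or tcp input, so that `message` holds the raw syslog line including the device's own timestamp; the Elasticsearch URL and index name are placeholders.

```logstash
filter {
  fingerprint {
    # Hash only content that is byte-identical on every Logstash server.
    # Do not include fields assigned at receipt time (for example an
    # @timestamp set by Logstash itself), or each copy gets a different id.
    source => ["message"]
    method => "SHA256"
    # [@metadata] fields are not sent to Elasticsearch, so the hash is
    # used as the document id without being stored as a field.
    target => "[@metadata][fingerprint]"
  }
}

output {
  elasticsearch {
    hosts => ["https://es.example.internal:9200"]   # placeholder
    # Both copies must resolve to the same index: the overwrite only
    # happens when the id collides inside one index. With a date-based
    # index name derived from receipt time, copies received on either
    # side of midnight land in different indices and are both kept.
    index => "syslog"                               # placeholder
    document_id => "%{[@metadata][fingerprint]}"
  }
}
```

If a device can emit two lines that are identical down to the timestamp, they hash to the same id and only one is stored.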
