Remove duplicates based on the timestamp and another field

What method do you recommend to remove duplicates in an index, based on @timestamp and a field? Something like this:

if @timestamp and interface_name are equal, delete one of the documents

Use a fingerprint filter to hash those two together and set the document_id on the elasticsearch output. A document that has the same hash will overwrite an existing document with that id.
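A Logstash pipeline fragment showing the approach described in the reply above, as an added example that is not part of the original thread. The `hosts` and `index` values are placeholders, and SHA256 is an assumed choice of hash method.

```logstash
filter {
  fingerprint {
    # Hash both fields together; without concatenate_sources the
    # filter would only keep the hash of the last source field.
    source              => ["@timestamp", "interface_name"]
    concatenate_sources => true
    method              => "SHA256"   # assumed choice; any supported method works
    # Store the hash under @metadata so it is not indexed as a document field.
    target              => "[@metadata][fingerprint]"
  }
}

output {
  elasticsearch {
    hosts       => ["https://localhost:9200"]   # placeholder
    index       => "interfaces"                 # placeholder
    # Events with the same @timestamp and interface_name get the same _id,
    # so a later event overwrites the earlier one instead of duplicating it.
    document_id => "%{[@metadata][fingerprint]}"
  }
}
```

The overwrite only happens when both events are written to the same index, and it applies to newly ingested events. Duplicates already stored with auto-generated ids stay in place until the data is reindexed through a pipeline like this one.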
