What method do you recommend to remove duplicates in an index, based on @timestamp and a field? somthing like this:
if @timestamp and interface_name are equal, delete one of the document
Use a fingerprint filter to hash those two together and set the document_id on the elasticsearch output. A document that has the same hash will overwrite an existing document with that id.