Hi Team,
I am using below configuration in logstash.conf for avoiding duplicate log entries:
filter{
uuid {
target => "@uuid"
overwrite => true
}
fingerprint {
source => ["message"]
target => "fingerprint"
key => "78787878"
method => "SHA1"
concatenate_sources => true
target => "[@metadata][fingerprint]"
}
}}
output {
elasticsearch {
host => localhost
document_id => "%{[@metadata][fingerprint]}"
}
stdout { codec => rubydebug }
}
Is there any issues on using this method.?
I don't remember if you need to add an extra option to the ES output to get upsert behavior. Apart from that possible issue this should be fine except. What's the purpose of the uuid field?
inorder to remove the duplication
But
uuid field anywhere in the rest of your configuration.so you mean "fingerprint" field is enough for removing the duplication?
Yes.
ohk....will it impact anything except duplication ?
Will what impact anything? The mere presence of the [@metadata][fingerprint] field?
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.