Hi team, this is my Logstash config to get data, and I use the fingerprint as _id in order to prevent duplicated data. But it still has duplicated events, as shown below. Any help?
    filter {
      if [type] == "cve" {
        # Keyed SHA256 of the "id" field, stored in [fingerprint]
        fingerprint {
          key => "123ABC"
          method => "SHA256"
          source => ["id"]
          target => "[fingerprint]"
        }
      }
    }
    output {
      elasticsearch {
        hosts => ["http://1x.1x.1x.2:9200"]
        index => "hc-%{+YYYY.MM.dd}"
        # Use the fingerprint as the document _id
        document_id => "%{fingerprint}"
      }
    }
The first event:

    _id: 6bacf9435a4a7161994323d09d72ec3640418b31fb7544e5e3786fb7805a6b1d
    _index: hc
    _type: _doc
    author: CVEnew
    fingerprint: 6bacf9435a4a7161994323d09d72ec3640418b31fb7544e5e3786fb7805a6b1d
The second event:

    _id: 6bacf9435a4a7161994323d09d72ec3640418b31fb7544e5e3786fb7805a6b1d
    _index: hc
    _type: _doc
    author: CVEnew
    fingerprint: 6bacf9435a4a7161994323d09d72ec3640418b31fb7544e5e3786fb7805a6b1d
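
Added example, not part of the original post and not Logstash or Elasticsearch code: a small Python model of the setup above, built on the fact that an Elasticsearch `_id` is unique only within a single index. The HMAC-SHA256 stand-in for the fingerprint filter, the `ToyCluster` class and the sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

KEY = b"123ABC"  # key value taken from the posted filter


def fingerprint(value: str, key: bytes = KEY) -> str:
    """Keyed SHA256 (HMAC) of one field value, hex encoded (assumed model of the filter)."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def index_name(prefix: str, ts: datetime, dated: bool) -> str:
    """Mimic index => "hc-%{+YYYY.MM.dd}" (dated) versus a fixed index name."""
    return f"{prefix}-{ts:%Y.%m.%d}" if dated else prefix


class ToyCluster:
    """Hypothetical in-memory store: a document is addressed by (index, _id)."""

    def __init__(self):
        self.docs = {}

    def index(self, index: str, doc_id: str, source: dict) -> str:
        created = (index, doc_id) not in self.docs
        self.docs[(index, doc_id)] = source  # same pair overwrites in place
        return "created" if created else "updated"

    def copies(self, doc_id: str) -> list:
        """Indices that hold a document with this _id."""
        return sorted(i for (i, d) in self.docs if d == doc_id)


# Constructed sample: the same source "id" ingested on two different days.
EVENTS = [
    {"id": "EXAMPLE-0001", "ts": datetime(2024, 1, 1, tzinfo=timezone.utc)},
    {"id": "EXAMPLE-0001", "ts": datetime(2024, 1, 2, tzinfo=timezone.utc)},
]


def replay(events, dated: bool):
    """Send every event through fingerprint -> index and record each result."""
    cluster, results = ToyCluster(), []
    for ev in events:
        doc_id = fingerprint(ev["id"])
        results.append(cluster.index(index_name("hc", ev["ts"], dated), doc_id, ev))
    return cluster, results


if __name__ == "__main__":
    for dated in (True, False):
        cluster, results = replay(EVENTS, dated)
        print(dated, results, cluster.copies(fingerprint("EXAMPLE-0001")))
```

In this model the dated index pattern stores the same `_id` once per day, while a fixed index name turns the second write into an update of the first document.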