Why is the value in the field on kibana repeated?

Cong_To · June 9, 2021, 10:17am

Update: I found the cause, the error was because I had two configuration files in the logstash folder and they had the same grok.

Thank you for following.

Hi

I use ELK version 7.13.1 on Ubuntu 18.04. I tried reading the log from the file https://s3.amazonaws.com/logzio-elk/apache-daily-access.log.
After creating the index and going back to the discovery tab on kibana, I see some fields with values repeated twice. Raw log files are not duplicated.

I have checked in ELK 7.12.1 on CentOS7 & ELK 7.13.1 on CentOS 7 and I don't have this problem.

Picture

My file logstash:

input {
  file {
    path => "/var/log/apache-daily-access.log"
    start_position => "beginning"
    sincedb_path => "/dev/null"
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
  geoip {
    source => "clientip"
  }
}
output {
  elasticsearch {
    hosts => ["192.168.20.8:9200"]
  }
}

Please explain to me and guide how to solve this problem.

Thanks

Badger · June 9, 2021, 3:57pm

This is really an elasticsearch question. See this blog post.

Cong_To · June 9, 2021, 4:03pm

Hi

I found the cause, the error was because I had two configuration files in the logstash folder and they had the same grok.

Thank you for following.

system · July 7, 2021, 4:04pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Fields repeating same values Elasticsearch	6	650	December 4, 2018
Logstash configuration: filters using GROK different logs from one type of log file Logstash	6	1405	July 6, 2017
Problem with duplicate data in field Logstash	3	2060	August 10, 2017
Kibana showing two values instead of one Logstash	5	276	July 16, 2018
After mutate split and add_field,my message is repetition Logstash	1	1434	April 24, 2019

Why is the value in the field on kibana repeated?

Related topics