Drop duplicate lines with NXLog

Question

I'm using NXLog to read a log file and send it to Logstash. This works fine, but the some of the log items are duplicates. They're in separate lines, but the content is exactly the same. I can't change the way the logs are written to the log file, so the only way is to fix it either with NXlog before it gets send, or in Logstash when it arrives, which I prefer not to do.

NXlog does have a function for this, but it's not working for me.

<Processor norepeat>
Module  pm_norepeat
</Processor>

<Route 1>
Path in => norepeat => out
</Route>

After this I'm still receiving the duplicates in Logstash. Any ideas?

score 0 · Answer 1 · answered Jul 28 '15 at 10:27

0

im_file populates raw_event so you should probably use this:

CheckFields raw_event

See the answer here.

answered Jul 28 '15 at 10:27

b0ti

2,319
1
18
18

Drop duplicate lines with NXLog

1 Answers1