Chris Kuethe
Chris Kuethe
Yes, a flag to the constructor to silently drop dups would be great. That would allow me to backfill logs and still have unique events.
Yes, all the fields including timestamp and uuid would be equal if the event was to be considered a duplicate. - Different UUID? Lightning struck Alice instead of Bob. Log...
``` { "name" : "my-remote-server", "cluster_name" : "my-elk-stack", "cluster_uuid" : "KmBuokUjSnmsO7ZUYGygOA", "version" : { "number" : "5.0.2", "build_hash" : "f6b4951", "build_date" : "2016-11-24T10:07:18.101Z", "build_snapshot" : false, "lucene_version" : "6.2.1" },...
Thanks for looking into this. Unfortunately even with the latest commit I still see this behavior... I'll clear my browser storage and do some more testing in the morning.
There about 125 fields in each of the indices as I'm exploring syslog with a bunch of different hosts, log types, and fields courtesy of filebeat and logstash
https://gist.github.com/ckuethe/a0c0ce3033c8250eb68e2362ffb30a85
Oops - 142 fields. 
this seems somewhat related to #43
That was implicit in my head. Have a toggle switch to enable/disable automatic update, and then a refresh knob; either a drop-down selector, or a numeric entry field.
democrat|republican