add unique document id

resources/elk6/pipeline/2000_qualys_web_scans.conf

@@ -6,7 +6,7 @@
 
 input {
   file {
-    path => [ "/opt/VulnWhisperer/data/qualys_vuln/*.json" ] 
+    path => [ "/opt/VulnWhisperer/data/qualys_vuln/*.json" ]
     codec => json
     start_position => "beginning"
     tags => [ "qualys_vuln" ]
@@ -15,7 +15,7 @@ input {
     file_completed_action => "delete"
   }
   file {
-    path => [ "/opt/VulnWhisperer/data/qualys_web/*.json" ] 
+    path => [ "/opt/VulnWhisperer/data/qualys_web/*.json" ]
     codec => json
     start_position => "beginning"
     tags => [ "qualys_web" ]
@@ -79,13 +79,27 @@ filter {
     #     add_tag => [ "critical_asset" ]
     #   }
     # }
+    if [_unique] {
+      # Set document ID from _unique
+      mutate {
+        rename => { "_unique" => "[@metadata][id]" }
+      }
+    }
   }
 }
 output {
   if "qualys_vuln" in [tags] or "qualys_web" in  [tags] {
-    elasticsearch {
-      hosts => [ "elasticsearch:9200" ]
-      index => "logstash-vulnwhisperer-%{+YYYY.MM}"
+    if [@metadata][id] {
+      elasticsearch {
+        hosts => [ "elasticsearch:9200" ]
+        index => "logstash-vulnwhisperer-%{+YYYY.MM}"
+        document_id => "%{[@metadata][id]}"
+      }
+    } else {
+      elasticsearch {
+        hosts => [ "elasticsearch:9200" ]
+        index => "logstash-vulnwhisperer-%{+YYYY.MM}"
+      }
     }
   }
 }