I've been reading around the docs and other questions, and from what I can tell, Splunk is supposed to be taking an MD5 hash of every event going on, and if an incoming event matches an already existing index, it will drop it and not duplicate it. However, I'm getting the exact opposite result, and it's very important for my project to not spend extra resources on unnecessary actions such as reindexing the exact same events any number of times. I've included a screenshot of what I'm talking about - I took an md5 of the incoming _raw variable on the second run of the same Go file that communicates via TCP to my index `cve`, and as you can see, the hashes of the duplicated events are exactly the same, yet they're duplicated. Any help is appreciated.

![alt text][1]

Thanks!
[1]: /storage/temp/274848-screen.jpg