I'm using the syndication component (latest version), to fetch data from multiple feeds:
https://www.cloudflarestatus.com/history.atom https://cloud.ibm.com/status/api/notifications/feed.rss https://status.aws.amazon.com/rss/all.rss https://status.cloud.google.com/feed.atom https://ocistatus.oraclecloud.com/history.rss
By adding the entries, the events have started to repeat every time each feed is processed, which is 5 minutes, that is, it is re-indexing the entire set of events every 5 minutes for each feed. The check is activated so that it only takes into account new events.
When I set one feed, for example google feed with 3 events:
After 5 min:
If I make:
index=gcc_extension_1 source = syndication://google_gcc_ext | stats count values(host) values(source) values(sourcetype) values(index) by _raw | WHERE count>0
There are 6 results, note that it is not the entire _raw that is repeated, since the _indextime is different each time the array is processed.
I've been researching and doing all kinds of tests for a long time, but I don't know what the problem could be. If anyone could help me out a bit with this I'd really appreciate it.
Here, the detail of feed conf:
Aside from screenshots, I can provide configuration as needed.
Thank you very much in advance.
... View more