Fingerprint filter concatenate_all_fields vs concatenate_sources

mikhatanu · December 2, 2022, 4:13am

Hello, does concatenate_sources only concat field in the source option and concatenate_all_fields concat all the fields from the input, e.g.: i have a log with a,b,c,d,e fields.

If i use this,

fingerprint{
    concatenate_sources => "true"
    method => "MURMUR3_128"
    source => ["a","b"]
    target => "fingerprint"
  }

the fingerprint will use the concat of a and b only. But if I use this

fingerprint{
    concatenate_all_fields => "true"
    method => "MURMUR3_128"
    source => ["a","b"]
    target => "fingerprint"
  }

the fingerprint will use the concat of a, b, c, d, and e?

Badger · December 2, 2022, 4:44pm

If you look at the code you will see that if concatenate_all_fields is set then source is ignored.

system · December 30, 2022, 4:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Fingerprint filter and concatenate_sources Logstash	4	1420	July 6, 2017
Fingerprint filter questions: is fingerprint source sensitive to different data types? does it include the field name when calculating fingerprint? Logstash	2	214	December 30, 2022
Logstash fingerprint hash everything Logstash	3	3620	April 6, 2017
Logstash Fingerprint Plugin: How to Exclude @timestamp Logstash	10	2348	January 26, 2018
Logstash fingerprint 7.1 Logstash	6	1399	July 4, 2019

Fingerprint filter concatenate_all_fields vs concatenate_sources

Related topics