Fingerprint filter concatenate_all_fields vs concatenate_sources

mikhatanu · December 2, 2022, 4:13am

Hello, does concatenate_sources only concat field in the source option and concatenate_all_fields concat all the fields from the input, e.g.: i have a log with a,b,c,d,e fields.

If i use this,

fingerprint{
    concatenate_sources => "true"
    method => "MURMUR3_128"
    source => ["a","b"]
    target => "fingerprint"
  }

the fingerprint will use the concat of a and b only. But if I use this

fingerprint{
    concatenate_all_fields => "true"
    method => "MURMUR3_128"
    source => ["a","b"]
    target => "fingerprint"
  }

the fingerprint will use the concat of a, b, c, d, and e?

Badger · December 2, 2022, 4:44pm

If you look at the code you will see that if concatenate_all_fields is set then source is ignored.

system · December 30, 2022, 4:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Fingerprint filter and concatenate_sources Logstash	4	1419	July 6, 2017
Fingerprint filter questions: is fingerprint source sensitive to different data types? does it include the field name when calculating fingerprint? Logstash	2	214	December 30, 2022
Logstash fingerprint not able to remove duplicate Logstash	8	1612	October 22, 2019
Logstash and fingerprint Logstash	2	30	July 24, 2024
Logstash Fingerprint Plugin Target Unchanged Logstash	4	172	February 29, 2024

Fingerprint filter concatenate_all_fields vs concatenate_sources

Related Topics