@shreyask I wanted to know the answer, so I experimented till I got this working. My apologies if my ruby coding style makes your eyeballs bleed. Not sure if you will also want to filter out host and @version.
filter {
ruby {
code => "
s = ''
h = event.to_hash
h.each { |k, v|
if k != '@timestamp'
s += ',' + k.to_s + ':' + v.to_s
end
}
event.set('some-field-name', s)
"
}
fingerprint {
key => "abc123"
source => "some-field-name"
method => "SHA256"
}
}
{
"bar" => 1234,
"@timestamp" => 2017-12-20T13:29:37.110Z,
"foo" => "0f4c2678",
"@version" => "1",
"host" => "[...]",
"fingerprint" => "732e31008aa3d3fdfda1d1160994c561ef5022e6e5183598c90b4e69f76c2db9",
"some-field-name" => ",@version:1,host:[...],bar:1234,foo:0f4c2678"
}
{
"bar" => 1234,
"@timestamp" => 2017-12-20T13:29:37.150Z,
"foo" => "0f4c2678",
"@version" => "1",
"host" => "[...]",
"fingerprint" => "732e31008aa3d3fdfda1d1160994c561ef5022e6e5183598c90b4e69f76c2db9",
"some-field-name" => ",@version:1,host:[...],bar:1234,foo:0f4c2678"
}