The name(s) of the source field(s) whose contents will be used to create the fingerprint.
So you should use it like this:
source => ["base_string"]
Also, I'm not sure that using %{signature_key} in the key option would get the value of the signature_key or use the literal value of %{signature_key} as the key, didn't look at the code to confirm, not every option in every filter will support sprintf of fields.
I would use the key directly in the filter to avoid any mistakes, you there is no need to create an empty signature field.
Yes. Adding to what Leandro said, the filter does not sprintf the value of the source option. It just iterates over the members of the array. If no such field exists then the filter is a no-op.
It also does not sprintf the key option. But I would question why you are using the key option at all. Do you really need a message authentication code rather than a hash? A key is a shared secret that the receiver of the fingerprint can use to authenticate it. If you just need a hash then do not set the key option.
Hi all, thanks for the response I was indeed using the source field incorrectly. For context I am trying to use OAUth1 to generate a SHA1 signature within Logstash
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.