In our API, we are concatenating the order id and fingerprint to get the hashed value for orderKey.
Given the id/fingerprint of the items:
id: '7542b27c-c255-4b18-8321-06c9d65aca7f'
fingerprint: '28d68c4f04f487f514db3df32d36f70e31d27592'
The values concatenated together are '7542b27c-c255-4b18-8321-06c9d65aca7f28d68c4f04f487f514db3df32d36f70e31d27592', and our API is outputting '0c948678d0e2b308e178ea3a9e1e01c0f6ba79ef' for orderKey, but logstash output is 'bb5931eaed2186c3b4347401f0ae07e5fa98ed36'.
so i am just wondering why its different.
which library is being used for SHA1 in the logstash.
When set to true and method isn’t UUID or PUNCTUATION , the plugin concatenates the names and values of all fields given in the source option into one string (like the old checksum filter) before doing the fingerprint computation.
The names of the fields are also present in the string, you can check the code to see how it is done, this is an test example from the code.
describe "with concatenate_sources" do
let(:config) { super().merge("concatenate_sources" => true) }
it "fingerprints the value of concatenated key/pairs" do
# SHA1 of "|field1|test1|field2|test2|"
expect(fingerprint).to eq("e3b6b71eedc656f1d29408264e8a75535db985cb")
end
end
end
So, the string that logstash will create a fingerprint is not what you expect:
[2024-04-17T09:18:35,093][DEBUG][logstash.filters.fingerprint][main][b6379a23a6015de83c4bd38df4abd75eac5bb0dfaa3a23504ddf58dd7a082fce] String built {:to_checksum=>"|fingerprint|28d68c4f04f487f514db3df32d36f70e31d27592|id|7542b27c-c255-4b18-8321-06c9d65aca7f|"}
To get the same result as your library you needto concatenate the string before using the fingerprint filter.
None of the events you shared have the field [items][selectedModifiersCombined], so they will match the else condition in your pipeline and the fingerprint will be the same.
You need to share both documents so this can be replicated.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.