"uuid" and "fingerprint" fields

gayathri · August 24, 2016, 9:37am

Hi Team,

I am using below configuration in logstash.conf for avoiding duplicate log entries:
filter{
uuid {
target => "@uuid"
overwrite => true
}
fingerprint {
source => ["message"]
target => "fingerprint"
key => "78787878"
method => "SHA1"
concatenate_sources => true
target => "[@metadata][fingerprint]"
}

}}
output {
elasticsearch {
host => localhost
document_id => "%{[@metadata][fingerprint]}"
}
stdout { codec => rubydebug }
}

Is there any issues on using this method.?

magnusbaeck · August 24, 2016, 11:04am

I don't remember if you need to add an extra option to the ES output to get upsert behavior. Apart from that possible issue this should be fine except. What's the purpose of the uuid field?

gayathri · August 24, 2016, 11:05am

inorder to remove the duplication

magnusbaeck · August 24, 2016, 11:09am

But

UUIDs are random and therefore useless for duplicate elimination, and
you're not using the uuid field anywhere in the rest of your configuration.

gayathri · August 24, 2016, 11:20am

so you mean "fingerprint" field is enough for removing the duplication?

magnusbaeck · August 24, 2016, 11:32am

Yes.

gayathri · August 24, 2016, 11:34am

ohk....will it impact anything except duplication ?

magnusbaeck · August 24, 2016, 11:35am

Will what impact anything? The mere presence of the [@metadata][fingerprint] field?

Topic		Replies	Views
Use uuid or fingerprint for document_id? Logstash	3	1949	July 6, 2017
Logstash fingerprint not able to remove duplicate Logstash	8	1614	October 22, 2019
Logstash Fingerprint Plugin: How to Exclude @timestamp Logstash	10	2348	January 26, 2018
Duplicate Lines Logstash	1	486	January 6, 2017
Logstash fingerprint 7.1 Logstash	6	1399	July 4, 2019

"uuid" and "fingerprint" fields

Related topics