Fingerprint documentation confusing
Closed this issue · 2 comments
The documentation for the fingerprint filter is very confusing.
- Is key the field that I need to populate? If so, its importance isn't really noted. If not, what is the important value that I need to know about?
- The description is essentially blank.
- Is there an example of using this filter with one or more fields?
See this issue for more details.
Copying @jakelandis' comment from elastic/logstash#7493
For all methods but MURMUR3 or UUID the key is required. The default is SHA1 which requires a key.
There is an outstanding bug: #18 that should address the need to NOT use keys for simple (keyless) hashing.
The key is really only important if you are trying to provide a means of nonrepudiation which (imo) is only relevant w/r/t security. If you are only using the fingerprint for uniqueness, I would still suggest using one of the hashing functions, such as SHA1, since it will be tied to the data and likely more collision resistant than the non-crypto methods.
Example with multiple fields:
    input { stdin { } }
    filter {
      fingerprint {
        key => "mysupersecretkeyhere"
        source => ["message", "@timestamp"]
      }
    }
    output { stdout { codec => rubydebug } }
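An added example, not taken from the issue or from the plugin's source, of the distinction the comment above draws between a keyed fingerprint and a keyless one, written in Ruby (the plugin's language). It assumes the keyed methods behave as an HMAC over the source fields; the `|field|value|` serialization, the helper names, the key and the sample event are all constructed for illustration.

```ruby
require "openssl"

# Constructed sample event; field names follow the config above.
EVENT  = { "message" => "user=alice action=login",
           "@timestamp" => "2017-06-20T12:00:00.000Z" }.freeze
FIELDS = ["message", "@timestamp"].freeze

# Assumed serialization: each source field's name and value, delimited,
# so field boundaries are part of the hashed input.
def canonical(event, fields)
  fields.map { |f| "|#{f}|#{event.fetch(f)}" }.join + "|"
end

# Keyless: anyone holding the event can recompute it, so it only
# serves uniqueness / deduplication.
def keyless_fingerprint(event, fields)
  OpenSSL::Digest.new("SHA1").hexdigest(canonical(event, fields))
end

# Keyed (HMAC): recomputing a matching value requires the secret key.
def keyed_fingerprint(event, fields, key)
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), key, canonical(event, fields))
end

# Constant-time comparison of two hex strings.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True only if `claimed` was produced over this exact event with `key`.
def authentic?(event, fields, key, claimed)
  secure_equal?(keyed_fingerprint(event, fields, key), claimed)
end

if __FILE__ == $PROGRAM_NAME
  key      = "constructed-demo-key"
  stored   = keyed_fingerprint(EVENT, FIELDS, key)
  tampered = EVENT.merge("message" => "user=mallory action=login")
  puts "keyless: #{keyless_fingerprint(EVENT, FIELDS)}"
  puts "keyed:   #{stored}"
  puts "original verifies: #{authentic?(EVENT, FIELDS, key, stored)}"
  puts "tampered verifies: #{authentic?(tampered, FIELDS, key, stored)}"
end
```

A keyless digest stored next to the event gives no tamper evidence, because whoever edits the event can recompute it; the keyed value only verifies for the holder of the key.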
I believe that the documentation should be better now that https://github.com/logstash-plugins/logstash-filter-fingerprint/pull/37/files (the fix for #18) has been merged.
It may take a little bit for the documentation to get published to elastic.co, but can be seen here in raw form: https://github.com/logstash-plugins/logstash-filter-fingerprint/blob/master/docs/index.asciidoc
This will be released in 3.2.0.