Hmmm. I don't know much about logstash, but I suspect that's concatenating the 3 values into one string and taking a hash of it.... This would allow you to group by that exact set of 3 columns.... However, my use case is that I need to be able to group by any subset of columns, so this could not be pre-defined in that way.
Al

On 19 October 2014 16:48, Artur Martins <artur...@gmail.com> wrote:

> I heard that it could be done with a fingerprint, but I don't know how to
> do this. It's in logstash.conf
>
> Have a look:
>
> Fingerprint the 3-tuple of source address, destination address,
> destination port
>
> if [SourceAddress] and [DestinationAddress] {
>     fingerprint {
>         concatenate_sources => true
>         method => "SHA1"
>         key => "logstash"
>         source => [ "SourceAddress", "DestinationAddress", "DestinationPort" ]
>     }
> }
>
> But what exactly will this do? What next?
> Hope you can understand this and help us both 😊
>
> Thanks

--
Dr Alastair James
CTO Ometria.com
Skype: al.james

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/CAMuyCY-u%2B6A%3DRUB1420BQZLt440eAShhSMeiwPWLLJgtq-Bm%3Dg%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
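
The behaviour discussed in this thread, as an added example that is not part of either message and is not Logstash's own code: one keyed SHA1 over the concatenated fields groups events by the exact 3-tuple only, so grouping by a subset needs the raw fields or one fingerprint per subset. Assumptions: the keyed SHA1 is computed as an HMAC, the `|name|value|` serialization is illustrative rather than the plugin's exact format, and the helper names and sample events are constructed.

```ruby
require "openssl"

KEY    = "logstash" # key string from the quoted config
FIELDS = ["SourceAddress", "DestinationAddress", "DestinationPort"].freeze

# Keyed SHA1 over the named fields. Field names and a delimiter are included
# so adjacent values cannot run together (assumed serialization).
def fingerprint(event, fields, key = KEY)
  material = fields.map { |f| "|#{f}|#{event[f]}" }.join + "|"
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA1"), key, material)
end

# Group events by a single fingerprint computed over exactly `fields`.
def group_by_fingerprint(events, fields)
  events.group_by { |e| fingerprint(e, fields) }
end

# One fingerprint per non-empty subset of `fields`: 2^n - 1 values per event,
# which is why pre-computing every possible grouping does not scale.
def all_subset_fingerprints(event, fields)
  subsets = (1..fields.size).flat_map { |n| fields.combination(n).to_a }
  subsets.map { |s| [s, fingerprint(event, s)] }.to_h
end

# Constructed sample events (documentation address ranges, not from the thread).
EVENTS = [
  { "SourceAddress" => "10.0.0.5", "DestinationAddress" => "192.0.2.10", "DestinationPort" => 443 },
  { "SourceAddress" => "10.0.0.5", "DestinationAddress" => "192.0.2.10", "DestinationPort" => 443 },
  { "SourceAddress" => "10.0.0.5", "DestinationAddress" => "192.0.2.10", "DestinationPort" => 22 },
  { "SourceAddress" => "10.0.0.9", "DestinationAddress" => "192.0.2.10", "DestinationPort" => 443 },
].freeze

if __FILE__ == $PROGRAM_NAME
  # Exact 3-tuple: events 1 and 2 collapse into one group, 3 and 4 stand alone.
  group_by_fingerprint(EVENTS, FIELDS).each { |fp, evs| puts "#{fp} #{evs.size}" }
  # The 3-tuple hashes of events 1 and 3 share nothing, although both come
  # from the same source; grouping by source needs its own fingerprint.
  group_by_fingerprint(EVENTS, ["SourceAddress"]).each { |fp, evs| puts "#{fp} #{evs.size}" }
  puts "fingerprints per event for all subsets: #{all_subset_fingerprints(EVENTS[0], FIELDS).size}"
end
```
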