Fingerprint documentation is confusing

[morgango]

The documentation for the fingerprint filter is very confusing.

• Is key the field that I need to populate? If so, its importance isn't really noted. If not, what is the important value that I need to know about?
• The description is essentially blank.
• Is there an example of using this filter with one or more fields?

[jakelandis]

For all methods but MURMUR3 or UUID the key is required. The default is SHA1 which requires a key.

There is an outstanding bug : logstash-plugins/logstash-filter-fingerprint#18 that should address the need to NOT use keys for simple (keyless) hashing.

The key is really only important if you are trying to provide a means of nonrepudiation which (imo) is only relevant w/r/t security. If you are only using the fingerprint for uniquness, I would still suggest using one of the hashing functions, such as SHA1, since it will be tied to the data and likely more collision resistant then the non-crypto methods.

Example with multiple fields:

input { stdin { } }
filter {
  fingerprint {
    key => "mysupersecretkeyhere"
    source => ["message", "@timestamp"] 
    }
  }
output {  stdout { codec => rubydebug }}

@morgango - Would you mind closing this issue and re-raising it as a plugin issue. I agree the documentation can be confusing.

[jordansissel]

Closing since this was moved to the fingerprint repo