- Fleet and Elastic Agent Guide: other versions:
- Fleet and Elastic Agent overview
- Beats and Elastic Agent capabilities
- Quick starts
- Migrate from Beats to Elastic Agent
- Set up Fleet Server
- Install Elastic Agents
- Install Fleet-managed Elastic Agents
- Install standalone Elastic Agents (advanced users)
- Install Elastic Agents in a containerized environment
- Installation layout
- Air-gapped environments
- Use a proxy server with Elastic Agent and Fleet
- Uninstall Elastic Agents from edge hosts
- Start and stop Elastic Agents on edge hosts
- Elastic Agent configuration encryption
- Secure connections
- Manage Elastic Agents in Fleet
- Manage integrations
- Configure standalone Elastic Agents
- Define processors
- Processor syntax
- add_cloud_metadata
- add_cloudfoundry_metadata
- add_docker_metadata
- add_fields
- add_host_metadata
- add_id
- add_kubernetes_metadata
- add_labels
- add_locale
- add_network_direction
- add_nomad_metadata
- add_observer_metadata
- add_process_metadata
- add_tags
- community_id
- convert
- copy_fields
- decode_base64_field
- decode_cef
- decode_csv_fields
- decode_duration
- decode_json_fields
- decode_xml
- decode_xml_wineventlog
- decompress_gzip_field
- detect_mime_type
- dissect
- dns
- drop_event
- drop_fields
- extract_array
- fingerprint
- include_fields
- move_fields
- parse_aws_vpc_flow_log
- rate_limit
- registered_domain
- rename
- replace
- script
- syslog
- timestamp
- translate_sid
- truncate_fields
- urldecode
- Command reference
- Troubleshoot
- Release notes
Generate a fingerprint of an event
editGenerate a fingerprint of an event
editThe fingerprint
processor generates a fingerprint of an event based on a
specified subset of its fields.
The value that is hashed is constructed as a concatenation of the field name and
field value separated by |
. For example |field1|value1|field2|value2|
.
Nested fields are supported in the following format: "field1.field2"
, for example: ["log.path.file", "foo"]
Example
edit- fingerprint: fields: ["field1", "field2", ...]
Configuration settings
editElastic Agent processors execute before ingest pipelines, which means that your processor configurations cannot refer to fields that are created by ingest pipelines or Logstash. For more limitations, refer to What are some limitations of using processors?
Name | Required | Default | Description |
---|---|---|---|
|
Yes |
List of fields to use as the source for the fingerprint. The list will be alphabetically sorted by the processor. |
|
|
No |
|
Whether to ignore missing fields. |
|
No |
|
Field in which the generated fingerprint should be stored. |
|
No |
|
Algorithm to use for computing the fingerprint. Must be one of: |
|
No |
|
Encoding to use on the fingerprint value. Must be one of: |
On this page