Yup, that's true. It will be able to query only by that set of columns, which is an issue for future requirements. For now it's a quick-fix, but I wonder if I'm missing something on the "aggregations" function..
Cheers

On Sunday, October 19, 2014 5:07:31 PM UTC+1, Alastair James wrote:
>
> Hmmm. I don't know much about logstash, but I suspect that's concatenating
> the 3 values into one string and taking a hash of it.... This would allow
> you to group by that exact set of 3 columns.... however my use case is that
> I need to be able to group by any subset of columns, so this could not be
> pre-defined in that way.
>
> Al
>
> On 19 October 2014 16:48, Artur Martins <artu...@gmail.com> wrote:
>
>> I heard that it could be done with a fingerprint, but I don't know how to
>> do this. It's in logstash.conf
>>
>> Have a look:
>>
>> Fingerprint the 3-tuple of source address, destination address,
>> destination port
>>
>> if [SourceAddress] and [DestinationAddress] {
>>   fingerprint {
>>     concatenate_sources => true
>>     method => "SHA1"
>>     key => "logstash"
>>     source => [ "SourceAddress", "DestinationAddress", "DestinationPort" ]
>>   }
>> }
>>
>> But what exactly will this do? What next?
>> Hope you can understand this and help us both 😊
>>
>> Thanks
>
> --
> Dr Alastair James
> CTO Ometria.com
> Skype: al.james
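As an added illustration (not part of the thread and not Logstash's own code), this Python example shows what fingerprinting the 3-tuple gives you and why it only supports grouping by that exact column set. The flow events are constructed, and both the `|name|value|` concatenation layout and the use of HMAC for the keyed SHA1 are assumptions, so the digests are not claimed to match Logstash output.

```python
import hashlib
import hmac
from collections import Counter

# Constructed sample flow events (not taken from the thread).
EVENTS = [
    {"SourceAddress": "10.0.0.5", "DestinationAddress": "192.0.2.10", "DestinationPort": 443},
    {"SourceAddress": "10.0.0.5", "DestinationAddress": "192.0.2.10", "DestinationPort": 443},
    {"SourceAddress": "10.0.0.5", "DestinationAddress": "192.0.2.10", "DestinationPort": 22},
    {"SourceAddress": "10.0.0.7", "DestinationAddress": "192.0.2.10", "DestinationPort": 443},
]

FIELDS = ["SourceAddress", "DestinationAddress", "DestinationPort"]
KEY = b"logstash"  # same key string as in the quoted config


def fingerprint(event, fields=FIELDS, key=KEY):
    """Keyed SHA1 over the concatenated source fields.

    Assumption: fields are joined as |name|value|...| and the key is applied
    as HMAC; the exact byte layout Logstash uses may differ.
    """
    joined = "".join(f"|{name}|{event[name]}" for name in fields) + "|"
    return hmac.new(key, joined.encode(), hashlib.sha1).hexdigest()


def count_by_fingerprint(events):
    """One bucket per distinct 3-tuple: what grouping on the hash yields."""
    return Counter(fingerprint(e) for e in events)


def count_by_columns(events, columns):
    """Grouping by any other subset needs the raw columns, not the hash."""
    return Counter(tuple(e[c] for c in columns) for e in events)


if __name__ == "__main__":
    print(count_by_fingerprint(EVENTS))
    print(count_by_columns(EVENTS, ["DestinationAddress", "DestinationPort"]))
```

The hash is one-way, so a bucket keyed on it cannot be re-split by source address alone or by destination port alone; that is the limitation both posters describe.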