coolacid / GettingStartedWithELK

Getting Started with ELK

Added example of the checksum filter for deduplication of events. #15

Closed shurane closed 10 years ago

jordansissel commented 10 years ago

FYI: checksum filter will be removed soon. Recommend using fingerprint filter instead; it does similar but performs better.

shurane commented 10 years ago

@jordansissel Looks like it otherwise works the same way.

Hm, I'm kind of confused with trying to use fingerprint {}. Why is the key field required for sha1 but not for murmurhash3? Is this related to the anonymize word elsewhere?

https://github.com/elasticsearch/logstash/blob/v1.4.2/lib/logstash/filters/fingerprint.rb#L44

shurane commented 10 years ago

Alright, updated configuration with usage of both the fingerprint and checksum filters. Note that with logstash 1.4.2, the @timestamp field doesn't work with the fingerprint filter. Find out more about it at: https://github.com/elasticsearch/logstash/issues/1572
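The deduplication idea discussed in this thread, as an added Ruby sketch that is not part of the pull request or of Logstash's own code: each event gets a keyed SHA1 fingerprint over selected fields, and later events with the same fingerprint are dropped. Modelling the keyed method as HMAC-SHA1 is an assumption of this example, and the key, field names and sample events are constructed.

```ruby
require 'openssl'
require 'set'

# Hypothetical key for the example; every indexer must share the same value
# or identical events will hash differently.
FINGERPRINT_KEY = 'constructed-example-key'

# Keyed SHA1 fingerprint over the chosen fields, taken in a fixed order.
# Names and values are length-prefixed so that ("ab", "c") and ("a", "bc")
# do not produce the same input string after concatenation.
def fingerprint(event, fields, key = FINGERPRINT_KEY)
  data = fields.map do |name|
    value = event[name].to_s
    "#{name.bytesize}:#{name}#{value.bytesize}:#{value}"
  end.join
  OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), key, data)
end

# Keep the first event seen for each fingerprint and drop later duplicates.
# Set#add? returns nil when the fingerprint is already present.
def deduplicate(events, fields)
  seen = Set.new
  events.select { |event| seen.add?(fingerprint(event, fields)) }
end

# Constructed sample events: the second is a re-delivery of the first and
# differs only in @timestamp.
SAMPLE_EVENTS = [
  { '@timestamp' => '2014-08-01T10:00:00Z', 'host' => 'web01',
    'message' => 'Failed password for root from 192.0.2.10' },
  { '@timestamp' => '2014-08-01T10:00:07Z', 'host' => 'web01',
    'message' => 'Failed password for root from 192.0.2.10' },
  { '@timestamp' => '2014-08-01T10:00:09Z', 'host' => 'web02',
    'message' => 'Failed password for root from 192.0.2.10' }
].freeze

if __FILE__ == $PROGRAM_NAME
  unique = deduplicate(SAMPLE_EVENTS, %w[host message])
  unique.each { |e| puts "#{fingerprint(e, %w[host message])} #{e['host']}" }
end
```

Which fields go into the fingerprint decides what counts as a duplicate: adding `@timestamp` to the list makes the re-delivered event above look unique.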