Calculates a secure hash of a field and uses that to match events as a
filter. See hashRewrite()
on how get hashes into
events. Bits must be set to the value applied when the hash was stored in
the event.
Parameter | Type | Required | Default Value | Description | |
---|---|---|---|---|---|
bits | integer | optional[a] | 256 | Hash algorithm output bits to keep. Must be a multiple of 8. | |
Minimum | 8 | ||||
Maximum | 512 | ||||
field | string | optional[a] | The name of the field to look for an exact match against. If not set then @rawstring is searched for a matching substring. | ||
hash | string | optional[a] | sha256 | Hash algorithm to use for the match. | |
Valid Values | |||||
sha256 | |||||
sha512 | |||||
input [b] | string | required | A constant value to hash and then apply as the search term. | ||
salt | string | optional[a] | The name of the secret salt to use. | ||
[a] Optional parameters use their default value unless explicitly set. |
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
input
can be omitted; the following forms of this function are equivalent:logscalehashMatch("value")
and:
logscalehashMatch(input="value")
These examples show basic structure only.
hashMatch()
Examples
Filter events to only match those that have the value in the
ssn
field equal to the hash of 12345678
logscale
ssn =~ hashMatch("12345678", salt="salt1")
Filter events to only match those that have the value of the hash of 12345678 somewhere in @rawstring
logscale
hashMatch("12345678", salt="salt1")