Calculates a secure hash of a field and uses that to match
events as a filter. See hashRewrite() on
how get hashes into events. Bits must be set to the value
applied when the hash was stored in the event.
| Parameter | Type | Required | Default Value | Description |
|---|---|---|---|---|
bits | integer | optional[a] | 256 | Hash algorithm output bits to keep. Must be a multiple of 8. |
| Minimum | 8 | |||
| Maximum | 256 | |||
field | string | optional[a] | The name of the field to look for an exact match against. If not set then @rawstring is searched for a matching substring. | |
hash | string | optional[a] | sha256 | Hash algorithm to use for the match. |
| Values | ||||
sha256 | ||||
sha512 | ||||
input[b] | string | required | A constant value to hash and then apply as the search term. | |
salt | string | required | The name of the secret salt to use. | |
[a] Optional parameters use their default value unless explicitly set. | ||||
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
inputcan be omitted; the following forms of this function are equivalent:logscale SyntaxhashMatch("value",salt="value")and:
logscale SyntaxhashMatch(input="value",salt="value")These examples show basic structure only.
hashMatch() Syntax Examples
Filter events to only match those that have the value in the
ssn field equal to the hash of
12345678
ssn =~ hashMatch("12345678", salt="salt1")Filter events to only match those that have the value of the hash of 12345678 somewhere in @rawstring
hashMatch("12345678", salt="salt1")