Calculates a secure hash of a field and uses that to match events as a
filter. See hashRewrite() on how get hashes into
events. Bits must be set to the value applied when the hash was stored in
the event.
| Parameter | Type | Required | Default Value | Description | |
|---|---|---|---|---|---|
bits | integer | optional[a] | 256 | Hash algorithm output bits to keep. Must be a multiple of 8. | |
| Minimum | 8 | ||||
| Maximum | 512 | ||||
field | string | optional[a] | The name of the field to look for an exact match against. If not set then @rawstring is searched for a matching substring. | ||
hash | string | optional[a] | sha256 | Hash algorithm to use for the match. | |
| Valid Values | |||||
sha256 | |||||
sha512 | |||||
input[b] | string | required | A constant value to hash and then apply as the search term. | ||
salt | string | optional[a] | The name of the secret salt to use. | ||
[a] Optional parameters use their default value unless explicitly set. | |||||
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
inputcan be omitted; the following forms of this function are equivalent:logscalehashMatch("value")and:
logscalehashMatch(input="value")These examples show basic structure only.
hashMatch() Examples
Filter events to only match those that have the value in the
ssn field equal to the hash of 12345678
logscale
ssn =~ hashMatch("12345678", salt="salt1")Filter events to only match those that have the value of the hash of 12345678 somewhere in @rawstring
logscale
hashMatch("12345678", salt="salt1")