Available: crypto:sha1() v1.161.0

The crypto:sha1() function is available from v1.161.0

Computes a cryptographic SHA1-hashing of the given input field or array of fields. The hashed output is returned as a hex string, meaning the hexadecimal representation of the SHA1 hash of data.

This function can be used to calculate checksums to compare outside of LogScale or collect multiple fields into a combined string of fixed length.

ParameterTypeRequiredDefault ValueDescription
asstringoptional[a]_sha1 The name of the output field.
field[b]Array of stringsrequired  The name of the field or fields to hash.

[a] Optional parameters use their default value unless explicitly set.

[b] The argument name field can be omitted.

Hide omitted argument names for this function

Show omitted argument names for this function

crypto:sha1() hashes the UTF-8 encoding of the fields.

When providing more than one field:

  • the function hashes the concatenation of the fields

  • if a given field is missing from an event — or if it has an empty value — it is treated as the empty string.

crypto:sha1() Examples

SHA-1 Hash Multiple Fields

Query
logscale
crypto:sha1(field=[a,b,c])
Introduction

In LogScale it is possible to encode strings using different algorithms such as MD5, SHA-1, and SHA-256 and create a hash; also called a fingerprint. The MD5 hash function is the weakest of the three, whereas SHA-256 is the strongest. The crypto:sha1() function is used to create the SHA-1 hash by taking a string of any length and encoding it into a 160-bit fingerprint. The fingerprint is returned as hexadecimal characters. Encoding the same string using the SHA-1 algorithm will always result in the same 160-bit hash output (40 hexadecimal digits). In this example, the crypto:sha1() function is used to hash the fields a,b,c and return the result into a field named _sha1.

Step-by-Step
  1. Starting with the source repository events.

  2. logscale
    crypto:sha1(field=[a,b,c])

    Performs a cryptographic SHA1-hashing of a,b,c. The field argument can be omitted to write: crypto:sha1([a,b,c])

  3. Event Result set.

Summary and Results

The query is used to encode a string using the SHA-1 hash. When called with multiple values, crypto:sha1() function creates a single SHA-1 sum from the combined value of the supplied fields. Combining fields in this way and converting to an SHa-1 can be an effective method of creating a unique ID for a given fieldset which could be used to identify a specific event type. The SHA-1 is reproducible (for example, supplying the same values will produce the same SHA-1 sum), and so it can sometimes be an effective method of creating unique identifier or lookup fields for a join() across two different datasets.

SHA-1 Hash a Field With a Given Value

Query
logscale
a := "Hello, world!"
| crypto:sha1(a)
Introduction

In LogScale it is possible to encode strings using different algorithms such as MD5, SHA-1 and SHA-256 and create a hash; also called a fingerprint. The MD5 hash function is the weakest of the three, whereas SHA-256 is the strongest. The crypto:sha256() function is used to create the SHA-256 hash by taking a string of any length and encoding it into a 256-bit fingerprint. The fingerprint is returned as hexadecimal characters. Encoding the same string using the SHA-256 algorithm will always result in the same 256-bit hash output (64 hexadecimal digits). In this example, the crypto:sha1() function is used to hash the field a with value Hello, world! and convert the result into _sha1:

Step-by-Step
  1. Starting with the source repository events.

  2. logscale
    a := "Hello, world!"

    Finds all fields equal to Hello, world!

  3. logscale
    | crypto:sha1(a)

    Performs a cryptographic SHA-1-hashing of a:= "Hello, world!". The output value would be _sha1 = "943a702d06f34599aee1f8da8ef9f7296031d699"

  4. Event Result set.

Summary and Results

The query is used to encode a string using the SHA-1 hash. The hash generators MD5, SHA-1, and SHA-256 are for example useful for encoding passwords or representing other strings in the system as hashed values.