Computes a cryptographic SHA1-hashing of the given input field or array of
fields. The hashed output is returned as a
hex string, meaning the hexadecimal
representation of the SHA1 hash of data.
This function can be used to calculate checksums to compare outside of LogScale or collect multiple fields into a combined string of fixed length.
Hide omitted argument names for this function
Omitted Argument NamesThe argument name for
fieldcan be omitted; the following forms of this function are equivalent:logscalecrypto:sha1("field")and:
logscalecrypto:sha1(field="field")These examples show basic structure only.
crypto:sha1() hashes the UTF-8 encoding of the
fields.
When providing more than one field:
the function hashes the concatenation of the fields
if a given field is missing from an event — or if it has an empty value — it is treated as the empty string.
crypto:sha1() Examples
SHA-1 Hash Multiple Fields
Query
crypto:sha1(field=[a,b,c])Introduction
In LogScale it is possible to encode strings using
different algorithms such as MD5,
SHA-1, and SHA-256 and
create a hash; also called a fingerprint. The MD5 hash function is
the weakest of the three, whereas SHA-256 is the strongest. The
crypto:sha1() function is used to create the
SHA-1 hash by taking a string of any length and encoding it into a
160-bit fingerprint. The fingerprint is returned as hexadecimal
characters. Encoding the same string using the SHA-1 algorithm
will always result in the same 160-bit hash output (40 hexadecimal
digits). In this example, the crypto:sha1()
function is used to hash the fields
a,b,c and return the
result into a field named
_sha1.
Step-by-Step
Starting with the source repository events
- logscale
crypto:sha1(field=[a,b,c])Performs a cryptographic SHA1-hashing of a,b,c. The
fieldargument can be omitted to write:crypto:sha1([a,b,c]) Event Result set
Summary and Results
The query is used to encode a string using the SHA-1 hash. When
called with multiple values, crypto:sha1()
function creates a single SHA-1 sum from the combined value of the
supplied fields. Combining fields in this way and converting to an
SHa-1 can be an effective method of creating a unique ID for a
given fieldset which could be used to identify a specific event
type. The SHA-1 is reproducible (for example, supplying the same
values will produce the same SHA-1 sum), and so it can sometimes
be an effective method of creating unique identifier or lookup
fields for a join() across two different
datasets.
SHA-1 Hash a Field with a Given Value
Query
a := "Hello, world!"
| crypto:sha1(a)Introduction
In LogScale it is possible to encode strings using
different algorithms such as MD5, SHA-1 and SHA-256 and create a
hash; also called a fingerprint. The MD5 hash function is the
weakest of the three, whereas SHA-256 is the strongest. The
crypto:sha256() function is used to create
the SHA-256 hash by taking a string of any length and encoding it
into a 256-bit fingerprint. The fingerprint is returned as
hexadecimal characters. Encoding the same string using the SHA-256
algorithm will always result in the same 256-bit hash output (64
hexadecimal digits). In this example, the
crypto:sha1() function is used to hash the
field a with value
Hello, world! and convert
the result into _sha1:
Step-by-Step
Starting with the source repository events
- logscale
a := "Hello, world!"Finds all fields equal to
Hello, world! - logscale
| crypto:sha1(a)Performs a cryptographic SHA-1-hashing of a:= "Hello, world!". The output value would be
_sha1 = "943a702d06f34599aee1f8da8ef9f7296031d699" Event Result set
Summary and Results
The query is used to encode a string using the SHA-1 hash. The
hash generators MD5,
SHA-1, and SHA-256 are for
example useful for encoding passwords or representing other
strings in the system as hashed values.