Calculates a secure hash of a field and uses that to match events as a filter. See hashRewrite() on how get hashes into events. Bits must be set to the value applied when the hash was stored in the event.

ParameterTypeRequiredDefaultDescription
bitsintegeroptional[a]256 Hash algorithm output bits to keep. Must be a multiple of 8.
  Minimum8 
  Maximum512 
fieldstringoptional[a]  The name of the field to look for an exact match against. If not set then @rawstring is searched for a matching substring.
hashstringoptional[a]sha256 Hash algorithm to use for the match
  Valid Valuessha256
   sha512
input[b]stringrequired  A constant value to hash and then apply as the search term.
saltstringoptional[a]  The name of the secret salt to use.

[a] Optional parameters use their default value unless explicitly set

[b] The argument name input can be omitted.

Omitted Argument Names

The argument name for input can be omitted; the following forms of this function are equivalent:

logscale
hashMatch("value")

and:

logscale
hashMatch(input="value")

hashMatch() Examples

Filter events to only match those that have the value in the ssn field equal to the hash of 12345678

logscale
ssn =~ hashMatch("12345678", salt="salt1")

Filter events to only match those that have the value of the hash of 12345678 somewhere in @rawstring

logscale
hashMatch("12345678", salt="salt1")