Calculates a secure hash of a field and uses that to match events as a
filter. See hashRewrite() on how get hashes into
events. Bits must be set to the value applied when the hash was stored in
the event.
Function Traits: Filter, WithInputField
| Parameter | Type | Required | Default | Description |
|---|---|---|---|---|
bits | integer | optional | 256 | Hash algorithm output bits to keep. Must be a multiple of 8. |
| Minimum | 8 | |||
| Maximum | 512 | |||
field | string | optional | The name of the field to look for an exact match against. If not set then @rawstring is searched for a matching substring. | |
hash | string | optional | sha256 | Hash algorithm to use for the match |
| Valid Values | sha256 | |||
sha512 | ||||
input[a] | string | required | A constant value to hash and then apply as the search term. | |
salt | string | optional | The name of the secret salt to use. | |
The parameter name for input can be omitted; the following forms are equivalent:
logscale
hashMatch("value")and:
logscale
hashMatch(input="value")hashMatch() Examples
Filter events to only match those that have the value in the
ssn field equal to the hash of 12345678
logscale
ssn =~ hashMatch("12345678", salt="salt1")Filter events to only match those that have the value of the hash of 12345678 somewhere in @rawstring
logscale
hashMatch("12345678", salt="salt1")