Is the "Hash" filter for the collector supposed to produce consistent hashing for consistent log values?

Follow
Avatar
Isaac Gittins
I am using a "Hash" Filter on a local file collector, and I can see that the required data is being hashed, but I was expecting that the same value matched in the filter would produce the same hash value, so that we can trace that value through the logs, but not see the original value. This does not appear to be the case. I have a field that can only have 1 of 3 possible values, yet every hash for this field is unique. I have been able to trace back to the original log entries on disk, and can see that the same logged value produces different hashed values. Is this the expected behaviour, if so, this seems to be no better than Masking. Filter Config: { "filterType": "Hash", "name": "card_type (MAP)", "regexp": "\"card_type\"=>\"(.*)\"" } Possible Values: --visa --mastercard --amex So far 'mastercard' has resulted in different hashes each time> Examples hashes resulting from 'mastercard' value from the same source log file on one server: --e847f10e2aaa4f357d5e28dd44f2e73f --edabb452e4495aa4369350302bc40c04 -- 4c16c3c9c8361d76a15839d3b36cf8bf Is it possible to make is so that there is a one to one mapping of log value to hashed value? Thanks Isaac. amaysim Australia Pty Ltd
0

Comments

2 comments

Sort by Date Votes
  • Avatar
    Isaac Gittins
    My Bad... I should have used a non-greedy match ... it was slurping in the rest of the log line.
    0
    Comment actions Permalink
  • Avatar
    Olaf Stein
    Isaac, just to add a final note, we use standard md5 hashing for this purpose... Thanks Olaf
    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post