Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vladimir2021-06-22 14:10:37
elasticsearch
Vladimir, 2021-06-22 14:10:37

How to hide part of a message in ELK?

Is there a way in ELK to hide the password part of the message? for example change by regular expression.

I know that you can do something like this through logstash filters

if [action] == "login" {
    mutate { remove_field => "secret" }
  }


But I would like something more serious to leave part of the message and remove only the password.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vladimir, 2021-06-28
@idskill

In general, you need to add if in the filter with a regular expression and, through the mutate module, replace the regular expression inside this message.
Example:

if [message] =~ "statement: ((?i)alter|(?i)create) ((?i)user|(?i)role)" {
      mutate {
        gsub => [
          "message", "'.*'", "'******'"
        ]
      }
    }

Similar questions
R
Ruslan Website2022-02-03 09:43:59
How to make a number clickable in telegram after sending through the form? 1Reply
F
Fedor Sirotkin2020-08-18 17:59:55
How to convert Elasticsearch aggregation results to percentages and display a message based on the results? 0Reply
I
Ivan2021-12-19 00:41:26
How to make nginx custom log format in docker-compose? 1Reply
N
Nokyta2014-04-21 23:12:54
Is there an analogue of IN() in ElasticSearch for nested? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question