elasticsearch
Vladimir, 2021-06-22 14:10:37

How to hide part of a message in ELK?

Is there a way in ELK to hide the password part of the message? For example, to change it with a regular expression.

I know that you can do something like this through Logstash filters:

    if [action] == "login" {
      mutate { remove_field => "secret" }
    }


But I would like something more serious: to leave part of the message and remove only the password.


1 answer(s)
Vladimir, 2021-06-28
@idskill

In general, you need to add an if with a regular expression in the filter and, through the mutate module, replace the regular expression inside this message.
Example:

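    # Only touch ALTER/CREATE USER/ROLE statements (keywords matched case-insensitively)
    if [message] =~ "statement: ((?i)alter|(?i)create) ((?i)user|(?i)role)" {
      mutate {
        # Replace everything from the first to the last single quote with a mask
        gsub => [
          "message", "'.*'", "'******'"
        ]
      }
    }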
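
What the gsub in the answer above does to a message, next to a narrower pattern, as an added example that is not part of the original thread. Logstash's mutate gsub applies Ruby regular expressions, so plain Ruby reproduces the behaviour; the log lines are constructed, and the `TARGETED` pattern and the method names are assumptions introduced here.

```ruby
# Added example (not from the thread). Log lines below are constructed.
# Plain Ruby reproduces what each pattern does to the "message" field.

# Same test as the answer's conditional, written with scoped (?i:...) groups.
DDL_STATEMENT = /statement: (?i:alter|create) (?i:user|role)/

# The answer's gsub pattern: greedy, spans from the first quote to the last.
GREEDY = /'.*'/
# Assumed alternative: only the literal after PASSWORD; '' is an escaped quote.
TARGETED = /(password\s+)'(?:[^']|'')*'/i

def mask_greedy(message)
  return message unless message =~ DDL_STATEMENT
  message.gsub(GREEDY, "'******'")
end

def mask_targeted(message)
  return message unless message =~ DDL_STATEMENT
  # Keep the PASSWORD keyword as typed, replace only the quoted literal.
  message.gsub(TARGETED) { "#{$1}'******'" }
end

SAMPLES = [
  "LOG:  statement: ALTER USER app PASSWORD 's3cr3t';",
  "LOG:  statement: create role rpt login password 'pa''ss' valid until '2022-01-01';",
  "LOG:  statement: SELECT * FROM t WHERE name = 'bob';",
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |line|
    puts "in:       #{line}"
    puts "greedy:   #{mask_greedy(line)}"
    puts "targeted: #{mask_targeted(line)}"
  end
end
```

The greedy pattern hides the password but also swallows every other quoted value on the line (the `valid until` date in the second sample), while the narrower pattern leaves the rest of the statement readable for auditing.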
