我有一个logstash过滤器,该过滤器从XML有效负载中提取api令牌字符串。我不想将实际的API令牌存储在elasticsearch中,我想存储一个哈希版本。我的过滤器文件如下:
filter {
xml {
source => "xml_request"
store_xml => "false"
force_array => "false"
xpath => [ "//authentication/apiKey/text()", "api_key" ]
}
if [api_key] =~ /.+/ {
fingerprint {
method => "SHA256"
key => "some_random_string"
source => "api_key"
target => "api_key"
}
}
}
不幸的是,指纹过滤器似乎不起作用,因为api_key值始终是XML输入中的值,而不是SHA256散列的。我尝试将target字段设置为新字段(例如api_key_hashed)进行测试,但新字段未显示。谁能给我一些启示?
答案 0 :(得分:0)
我不知道这是否有帮助,但是您可以尝试:
fingerprint {
add_field => {
"apikey" => "%{api_key}"
remove_field => [ "%{api_key}" ]
}
add_field => {
"api_key" => "%{apikey}"
remove_field => [ "%{apikey}" ]
}
}
否则,您可以尝试: GROK_OVERRIDE或GROK ADD FIELD或DROP ADD FIELD