I want to mask some logs in spesific fields, for example if end point ends with api or token i want to remove userKey messages from field ResponseMessage
But not whole field that i want to remove or mask, only the userKey message.
Is it possible to do it? userKey is not an field for our logs.
I wrote something like this but it's not working;
filter {
if "PROD" in [tags] {
{
if "api","token" in [EndPoint]
mutate {
gsub => ["ResponseMessage","(?im)(\\?\"([\w\d]*?(encryptionKey|userKey)[\w\d]*?)\\?\"\:\\?\s\\?\")(.*?)(\\\"|\"|,|})", "\1***\5"]
}
}
"Is there a way i can do the following using logstash filters:
I have an ID stored in a field example id: 123456789.
I want to replace first 5 digits with an 'x'. so that id looks like, id:xxxxx6789.
How can i do this in logstash filters?"
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.