Hello,
I have configureda watcher to alert an event, when it happens it sends an email with Participant's SSN, Username, Ip address, Geolocation. The below action sends me the records.
But I want to mask the first 5 digits of the SSN and render XXX-XX-0000, something like this. Is there an easy way to do this?
"actions": {
"email_administrator": {
"email": {
"profile": "standard",
"from": "'TA Tech Dev Ops example1@gmail.com'",
"priority": "high",
"to": [
"'TA Tech Dev Ops example2@gmail.com'"
],
"subject": "Test - Email template",
"body": {
"html": "
Test - Email template
{{
#ctx.payload.hits.hits}}
| Participant SSN |
{{_source.SOC_SEC_NO}} |
| Username |
{{_source.USER_NO}} |
| IP Address |
{{_source.REMOTE_IP_I}} |
| Geo IP location |
{{_source.geoiplocation}} |
{{/ctx.payload.hits.hits}}"
}
}
}
}
Thanks!
SV
If you have inline scripts allowed for your watchers, I'd recommend the following:
Create a transform script in PAINLESS (assuming a modern version of elastic stack) for your email action
The transform script would then reference your Participant SSN as a payload variable
The transform script would seperate the SSN into two groups, with the last4 being captured in a variable.
Return the variable as some string to the watch event already prepared in the desired format (XXX-XX-1234).
Reference that variable in your email template by the requisite name.
I envision your script would be something like
String last4SSN = /.*([0-9]{4})$/.matcher(ctx._source.SOC_SEC_NO).replaceAll('$1'); String maskedSSN = 'XXX-XX-' + last4SSN; return maskedSSN;
Obviously you'll want to play around with that; I don't have anything where I'm doing similar substitution but my idea was a transform to grab the last 4 digits from the SOC_SEC_NO, assign them to RegEx Variable 1, and to assign that as the last4SSN; Then concatenate that with the preceeding XXX-XX- to create a maskedSSN.
Return the variable for use in your email template as a mustache variable.
Use the watcher simulation to test your results, I recommend doing one transform statement at a time to ensure you're able to get it going!
Best of luck!
Hello John,
Thanks for the response. I will give this a try.
I have another issue, where I want to show NA in email alert for the fields that are not available with _source. I have a pre-formatted email template for which the fields that are not available with _source, I have to show that as NA.
I have written a transform script like the one below. Is this the right way to do this? I am getting the below error for this script,
Watcher: An internal server error occurred
"transform": {
"script": {
"source": "for(int j=0;j<ctx.payload.hits.hits;j++){if(ctx.payload.hits.hits[j]._source.containsKey("CASE_NO")) {return ctx.payload.hits.hits[j]._source.CASE_NO} else {return "NA"}}",
"lang": "painless"
}
}
- Please let me know if transform script is the right way to do this. If yes how can I access the returned value in email alert? If not, how can I achieve this.
Thanks!
SV