Regex is not working for sensitive data search


(Patrick) #1

Hi,
My application logs contain strings like the following:

password=password123
&password=password123
%26password%3Dpassword123
%2526password%253Dpassword123

I'm trying to get an exact match for these strings using a simple regex but I'm not getting any matches.

The regex filter is:
message:/[Pp]ass(wd|word)/

I am getting a lot of other results such as:
"create-password"
"app-password"
" password "
" passwd "

What am I doing wrong here? I'm using Kibana 3.1.2-07bbd7e.


(Lukas Olson) #2

I'm not sure what you mean by "I'm trying to get an exact match for these strings".

Are you trying to capture the "password123" part? Or just filter your logs where it contains a password?


(Patrick) #3

Hi lukas -
We want to develop a regex to help us filter logs that have sensitive data such as passwords, access codes, etc., so that we can help our development team remove the sensitive data from our logs.

Any guidance can help in this regard.


(Patrick) #4

Hi Lukas - Were you about to look at this request? Let me know.


(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.