-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expand supported redactors for redact #112
Comments
A few notes: - I opted not to highlight emitting multiple events from `remap` yet as I'd really like to get the `unnest` PR in there first #7404 since it's not super useful until then. - I opted not to highlight the new `redact` function until we add additional filters (#7435) and possibly redactors (#7445) since it is a bit lack luster until then. Signed-off-by: Jesse Szwedko <jesse@szwedko.me>
+1 for this. I was migrating from a Logstash based config where I'm using For example if this could work: Is there any workaround using other string substitution methods? |
@mr-karan you can still use
$ .message = "my_token:abcdefghijklmnopqrstuvwxyz"
"my_token:abcdefghijklmnopqrstuvwxyz"
$ replace(token, r'(my_token):(.*)(\S{8})', "$1*$3")
"my_token*stuvwxyz" You can try it out yourself by running |
@JeanMertz Thanks for the help. Works well 👍 |
@JeanMertz A bit perplexed here. I tried out the [transforms.format_logs]
type = "remap"
inputs = ["haproxy_logs"]
source = '''
.message = replace!(.message,r'(auth=token)(.*?):(.*?)(\S{8})&', "$1$2:*$4&")
'''
[[tests]]
name = "check if token is redacted"
[[tests.inputs]]
insert_at = "format_logs"
type = "raw"
value = "auth=token myapp:GDyB5onL3Whi69RY2MELVPLWs1nVYamq&-"
[[tests.outputs]]
extract_from = "format_logs"
[[tests.outputs.conditions]]
type = "check_fields"
"message.equals" = "auth=token myapp:*s1nVYamq&-" When running
When doing the same thing with
I am really confused how this is happening 😵 |
Hi @mr-karan . I think you running into the same issue as vectordotdev/vector#8067. The issue is that You can escape the This is a pretty big gotcha though as the replacement groups use |
Thanks @jszwedko for the explanation :) Escaping |
Broken off from vectordotdev/vector#7250 (comment)
The initial implementation of
redact
just had one redactor that always replaced with[REDACTED]
. We should expand this to support additional redactors like:The text was updated successfully, but these errors were encountered: