anonymize
editanonymize
editWe recommend that you use the fingerprint filter plugin instead of anonymize.
Anonymize fields by replacing values with a consistent hash.
Synopsis
editThis plugin supports the following configuration options:
Required configuration options:
anonymize {
algorithm => ...
fields => ...
key => ...
}
Available configuration options
edit| Setting | Input type | Required | Default value |
|---|---|---|---|
No |
|
||
No |
|
||
string, one of |
Yes |
|
|
Yes |
|||
Yes |
|||
No |
|
||
No |
|
||
No |
|
Details
edit
add_field
edit- Value type is hash
-
Default value is
{}
If this filter is successful, add any arbitrary fields to this event.
Field names can be dynamic and include parts of the event using the %{field}.
Example:
filter {
anonymize {
add_field => { "foo_%{somefield}" => "Hello world, from %{host}" }
}
}
# You can also add multiple fields at once:
filter {
anonymize {
add_field => {
"foo_%{somefield}" => "Hello world, from %{host}"
"new_field" => "new_static_value"
}
}
}
If the event has field "somefield" == "hello" this filter, on success,
would add field foo_hello if it is present, with the
value above and the %{host} piece replaced with that value from the
event. The second example would also add a hardcoded field.
add_tag
edit- Value type is array
-
Default value is
[]
If this filter is successful, add arbitrary tags to the event.
Tags can be dynamic and include parts of the event using the %{field}
syntax.
Example:
filter {
anonymize {
add_tag => [ "foo_%{somefield}" ]
}
}
# You can also add multiple tags at once:
filter {
anonymize {
add_tag => [ "foo_%{somefield}", "taggedy_tag"]
}
}
If the event has field "somefield" == "hello" this filter, on success,
would add a tag foo_hello (and the second example would of course add a taggedy_tag tag).
algorithm
edit- This is a required setting.
-
Value can be any of:
SHA1,SHA256,SHA384,SHA512,MD5,MURMUR3,IPV4_NETWORK -
Default value is
"SHA1"
digest/hash type
fields
edit- This is a required setting.
- Value type is array
- There is no default value for this setting.
The fields to be anonymized
key
edit- This is a required setting.
- Value type is string
- There is no default value for this setting.
Hashing key When using MURMUR3 the key is ignored but must still be set. When using IPV4_NETWORK key is the subnet prefix lentgh
periodic_flush
edit- Value type is boolean
-
Default value is
false
Call the filter flush method at regular interval. Optional.
remove_field
edit- Value type is array
-
Default value is
[]
If this filter is successful, remove arbitrary fields from this event. Fields names can be dynamic and include parts of the event using the %{field}
Example:
filter {
anonymize {
remove_field => [ "foo_%{somefield}" ]
}
}
# You can also remove multiple fields at once:
filter {
anonymize {
remove_field => [ "foo_%{somefield}", "my_extraneous_field" ]
}
}
If the event has field "somefield" == "hello" this filter, on success,
would remove the field with name foo_hello if it is present. The second
example would remove an additional, non-dynamic field.
remove_tag
edit- Value type is array
-
Default value is
[]
If this filter is successful, remove arbitrary tags from the event.
Tags can be dynamic and include parts of the event using the %{field}
syntax.
Example:
filter {
anonymize {
remove_tag => [ "foo_%{somefield}" ]
}
}
# You can also remove multiple tags at once:
filter {
anonymize {
remove_tag => [ "foo_%{somefield}", "sad_unwanted_tag"]
}
}
If the event has field "somefield" == "hello" this filter, on success,
would remove the tag foo_hello if it is present. The second example
would remove a sad, unwanted tag as well.