Showing posts with label Cribl. Show all posts

Cribl - Change values to lowerCase

Some logs (e.g. Microsoft Azure) are not always fully normalized to lowercase characters. You can use Cribl to adjust those values with either the Eval or the Mask function:


Eval

_raw.toLowerCase()

Cribl Eval _raw:toLowerCase


https://docs.cribl.io/stream/eval-function/ 

"The Eval Function adds or removes fields from events. (In Splunk, these are index-time fields.)"


Mask

You can also use Cribl's Mask function to hit all fields:

Regex = (.*)        <---- 1st Capturing Group (.*), see https://regex101.com/


g1.toLowerCase()

Cribl Mask g1.toLowerCase



https://docs.cribl.io/stream/mask-function/

"The Mask Function masks, or replaces, patterns in events. This is especially useful for redacting PII (personally identifiable information) and other sensitive data."
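
The two approaches above, emulated in plain JavaScript on a constructed single-line JSON event, as an added example that is not Cribl's code or part of the original post. It shows that lowercasing the whole of _raw also changes key names and case-sensitive values; the function names, the sample event and the narrower per-value variant are assumptions.

```javascript
// Added example: plain JavaScript emulation, run outside Cribl.
// Constructed sample event; the field names and values are made up.
const sampleEvent = {
  _raw: '{"resourceId":"/SUBSCRIPTIONS/0000/RESOURCEGROUPS/RG-Prod",' +
        '"operationName":"Microsoft.Storage/Write",' +
        '"requestToken":"QWxhZGRpbg=="}',
};

// Eval approach from the post: the expression _raw.toLowerCase() written back to _raw.
function evalLowercaseRaw(event) {
  return { ...event, _raw: event._raw.toLowerCase() };
}

// Mask approach from the post: regex (.*) with g1.toLowerCase() as the replacement,
// applied to each listed field (hypothetical helper; defaults to _raw).
function maskLowercase(event, fields = ['_raw']) {
  const out = { ...event };
  for (const name of fields) {
    if (typeof out[name] === 'string') {
      out[name] = out[name].replace(/(.*)/, (match, g1) => g1.toLowerCase());
    }
  }
  return out;
}

// Narrower variant (an assumption, not on the page): lowercase only the chosen
// JSON values, leaving key names and case-sensitive values untouched.
function lowercaseJsonValues(event, keys) {
  const parsed = JSON.parse(event._raw);
  for (const key of keys) {
    if (typeof parsed[key] === 'string') parsed[key] = parsed[key].toLowerCase();
  }
  return { ...event, _raw: JSON.stringify(parsed) };
}

const whole = JSON.parse(evalLowercaseRaw(sampleEvent)._raw);
const targeted = JSON.parse(
  lowercaseJsonValues(sampleEvent, ['resourceId', 'operationName'])._raw);
console.log(Object.keys(whole));   // key names are lowercased as well
console.log(whole.requesttoken);   // the case-sensitive value has been altered
console.log(targeted);             // only the two chosen values changed
```

Downstream searches and parsers that expect the original key names (for example resourceId) will not match events rewritten by the whole-_raw variants.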



Monitor UniFi WLAN Access Point with PRTG with SNMPv3 Auth+Encrypted

This is a tiny guide on how to monitor your UniFi wireless access point, in this case a Unifi U7 pro, with SNMPv3 with AES-Encryption and SHA-Auth...