Splunk® Cloud Services

SPL2 Search Reference

Cryptographic functions

The following list contains the SPL2 functions that you can use to compute the secure hash of string values.

For information about using string and numeric fields in functions, and nesting functions, see Overview of SPL2 eval functions.

md5(<str>)

This function computes and returns the MD5 hash of a string value.

Usage

You can use this function with the eval and where commands, in the WHERE clause of the from command, and as part of evaluation expressions with other commands.

Basic examples

The following example returns a new field n with a message-digest (MD5) 128-bit hash value for the phrase "Hello World".

... | eval n=md5("Hello World")


The following example uses the md5 function, along with several other functions, to create a large random string.

| makeresults count=32768 | eval message=md5("". random()) | stats values(message) as message | eval message = mvjoin(message, "")

  • The makeresults command creates 32768 results with timestamps.
  • The eval command creates a new field called message:
    • The random function returns a random numeric field value for each of the 32768 results. The "". makes the numeric number generated by the random function into a string value.
    • The md5 function creates a 128-bit hash value from the string value.
    • The results of the md5 function are placed into the message field created by the eval command.
  • The stats command with the values function is used to convert the individual random values into one multivalue result.
  • The eval command with the mvjoin function is used to combine the multivalue entry into a single value.

sha1(<str>)

This function computes and returns the secure hash of a string value, based on the FIPS compliant SHA-1 hash function.

Usage

You can use this function with the eval and where commands, in the WHERE clause of the from command, and as part of evaluation expressions with other commands.

Basic example

This example returns the secure hash for the string, using the Secure Hash Algorithm 1 (SHA1).

... | eval n=sha1("Turn Data Into Doing")

sha256(<str>)

This function computes and returns the secure hash of a string value, based on the FIPS compliant SHA-256 (SHA-2 family) hash function.

Usage

You can use this function with the eval and where commands, in the WHERE clause of the from command, and as part of evaluation expressions with other commands.

Basic example

This example returns the secure hash for the string, using the Secure Hash Algorithm 256 (SHA256).

... | eval n=sha256("Put that in your | and Splunk it")

sha512(<str>)

This function computes and returns the secure hash of a string value, based on the FIPS compliant SHA-512 (SHA-2 family) hash function.

Usage

You can use this function with the eval and where commands, in the WHERE clause of the from command, and as part of evaluation expressions with other commands.

Basic example

This example returns the secure hash for the string, using the Secure Hash Algorithm 512 (SHA512).

... | eval n=sha512("You bet your sweet SaaS.")

See also

Function information
Quick Reference for SPL2 eval functions
Overview of SPL2 eval functions
Naming function arguments in the SPL2 Search Manual
Last modified on 14 August, 2024
Conversion functions   Date and Time functions

This documentation applies to the following versions of Splunk® Cloud Services: current

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters