Splunk® Cloud Services

SPL2 Search Reference

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Cryptographic functions

The following list contains the functions that you can use to compute the secure hash of string values.

For information about using string and numeric fields in functions, and nesting functions, see Overview of SPL2 eval functions.

md5(<str>)

This function computes and returns the MD5 hash of a string value.

Usage

You can use this function with the eval and where commands, in the WHERE clause of the from command, and as part of evaluation expressions with other commands.

To use named arguments, you must specify the argument name before the argument value. For example: 

... md5(str:"Hello World")

Basic examples

The following example returns a new field n with a message-digest (MD5) 128-bit hash value for the phrase "Hello World".

... | eval n=md5("Hello World")


The following example uses the md5 function, along with several other functions, to create a large random string.

| makeresults count=32768 | eval message=md5("". random()) | stats values(message) as message | eval message = mvjoin(message, "")

  • The makeresults command creates 32768 results with timestamps.
  • The eval command creates a new field called message:
    • The random function returns a random numeric field value for each of the 32768 results. The "". makes the numeric number generated by the random function into a string value.
    • The md5 function creates a 128-bit hash value from the string value.
    • The results of the md5 function are placed into the message field created by the eval command.
  • The stats command with the values function is used to convert the individual random values into one multivalue result.
  • The eval command with the mvjoin function is used to combine the multivalue entry into a single value.

sha1(<str>)

This function computes and returns the secure hash of a string value, based on the FIPS compliant SHA-1 hash function.

Usage

You can use this function with the eval and where commands, in the WHERE clause of the from command, and as part of evaluation expressions with other commands.

To use named arguments, you must specify the argument name before the argument value. For example: 

... sha1(str:"Data to Everything")

Basic example

This example returns the secure hash for the string, using the Secure Hash Algorithm 1 (SHA1).

... | eval n=sha1("Turn Data Into Doing")

sha256(<str>)

This function computes and returns the secure hash of a string value, based on the FIPS compliant SHA-256 hash function.

Usage

You can use this function with the eval and where commands, in the WHERE clause of the from command, and as part of evaluation expressions with other commands.

To use named arguments, you must specify the argument name before the argument value. For example: 

... sha256(str:"More brain, less surgery.")

Basic example

This example returns the secure hash for the string, using the Secure Hash Algorithm 256 (SHA256).

... | eval n=sha256("Put that in your | and Splunk it")

sha512(<str>)

This function computes and returns the secure hash of a string value, based on the FIPS compliant SHA-512 hash function.

Usage

You can use this function with the eval and where commands, in the WHERE clause of the from command, and as part of evaluation expressions with other commands.

To use named arguments, you must specify the argument name before the argument value. For example: 

... sha512(str:"Can you SPL?")

Basic example

This example returns the secure hash for the string, using the Secure Hash Algorithm 512 (SHA512).

... | eval n=sha512("You bet your sweet SaaS.")

See also

Functions
SPL2 eval functions Quick Reference
Overview of SPL2 eval functions
Last modified on 08 September, 2021
PREVIOUS
Conversion functions
  NEXT
Date and Time functions

This documentation applies to the following versions of Splunk® Cloud Services: current


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters