[Q] - How to mask IPv6 on ingestion

mark_forrester
Participant

Hi Community

I'm trying to mask an IPv6 address on log ingestion but struggling to get the command right.

I find the IPv6 in the logs using the following command
// detect ip
| parse content, "LD IPADDR:ip LD"
| fieldsAdd ip = if(ipIsPublic(ip), ip, else: null)

However, when trying to mask using a similar command, I get the below error. Can anyone advise the right command to mask an IPv6 detected string in a log entry?

USING(INOUT content)
| PARSE (content,"LD IPADDR:ip LD")
| FIELDS_ADD(content: REPLACE_PATTERN(content, ip,"*** DT MASKING ***"))


5 REPLIES

AntonPineiro
DynaMight Guru

Hi,

Can you maybe share some log line content where you want to extract that information?

Best regards

❤️ Emacs ❤️ Vim ❤️ Bash ❤️ Perl

DanielS
DynaMight Guru

Hello @mark_forrester, hope it helps.


It is not ingestion, but it does the same job.

The true delight is in the finding out rather than in the knowing.

mark_forrester
Participant

Here is an edited sample content output in DT. @DanielS, your example fails on this example as no matches are found.

{ "log-type":"access", "domain":"@domain_name@", "time":"2024-07-29T08:03:53.435Z", "process":"582", "filename":"/var/www/html/rb_bf61376cao", "remoteIP":"2a00:2a00:6416:5d01:51bb:1d00:e019:92c1", "x-forwarded-for":"-", "host":"www.ourdomain.co.uk", "request":"/rb_bf61376cao", "query":"?type=js3&sn=v_4_srv_1_sn_89E82F0035A9458ED42E462151D39F6F_mvisitor_1724274919_msn_4-2D0_perc_100000_ol_0_mul_1_app-3Afc8a255d717e7ed8_1_rcs-3Acss_0&svrid=1&flavor=post&vi=PDHUTTNIVUULRVNDHPMLWCCVTKRBRRKR-0&modifiedSince=1722019465728&rf=https%3A%2F%2Fwww.ourdomain.co.uk%2Fpubdeals%3Futm_source%3Dsizzlapp%26utm_medium%3Dapp%23%2F&bp=3&app=fc8a255d717e7ed8&crc=3798105690&en=l3f8ysai&end=1", "method":"POST", "status":"200", "userAgent":"Mozilla/5.0 (Linux; Android 14; SM-A528B Build/UP1A.231005.007; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/126.0.6478.134 Mobile Safari/537.36", "referer":"https://www.ourdomain.co.uk/pubdeals?utm_source=sizzlapp&utm_medium=app" },

Hello @mark_forrester, using this regex in regex101 works perfectly with all examples:

(?:[a-fA-F0-9]{1,4}:){7}[a-fA-F0-9]{1,4}


and also in Dynatrace:


Let me know how it goes.

 

The true delight is in the finding out rather than in the knowing.

Thank you, this works a treat 😁
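The regex in the reply above requires all eight groups to be written out, so it matches the sample log line but not `::`-compressed addresses. The added example below (Python for offline testing, not Dynatrace syntax and not code from the thread) compares that regex with a validation-based mask; `CANDIDATE`, the function names and the shortened sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

MASK = "*** DT MASKING ***"  # replacement string used in the question

# Regex from the reply: matches only addresses with all eight groups written out.
FULL_FORM = re.compile(r"(?:[a-fA-F0-9]{1,4}:){7}[a-fA-F0-9]{1,4}")

# Assumption (not from the thread): a heuristic candidate token is a run of hex
# digits and colons that is not glued to other letters or digits.
CANDIDATE = re.compile(r"(?<![0-9A-Za-z:])[0-9A-Fa-f:]{2,}(?![0-9A-Za-z:])")

# Constructed samples: a shortened copy of the thread's log line, and the same
# line with a '::'-compressed address from the 2001:db8::/32 documentation range.
SAMPLE_FULL = ('{ "time":"2024-07-29T08:03:53.435Z", '
               '"remoteIP":"2a00:2a00:6416:5d01:51bb:1d00:e019:92c1", "status":"200" }')
SAMPLE_SHORT = '{ "time":"2024-07-29T08:03:53.435Z", "remoteIP":"2001:db8::92c1", "status":"200" }'


def mask_full_form(line):
    """Mask with the reply's regex, unchanged."""
    return FULL_FORM.sub(MASK, line)


def mask_validated(line):
    """Mask every candidate token that parses as an IPv6 address."""
    def replace(match):
        try:
            ipaddress.IPv6Address(match.group(0))
        except ValueError:
            return match.group(0)  # plain numbers and other non-address tokens stay as they are
        return MASK
    return CANDIDATE.sub(replace, line)


if __name__ == "__main__":
    for sample in (SAMPLE_FULL, SAMPLE_SHORT):
        print("full-form regex:", mask_full_form(sample))
        print("validated      :", mask_validated(sample))
```

Whichever pattern ends up in the masking rule, test it against compressed addresses as well as the full form before relying on it.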
