Cribl - Docs

Getting started with Cribl LogStream

Questions? We'd love to help you! Meet us in #cribl (sign up)

Changelog    Guides

Cribl Expressions

Native Cribl function methods can be found under C.* and can be invoked from any function that allows for expression evaluations. For example, to create a field that is the SHA1 of a another field's value you can use the Eval function:

Name
Value Expression

myNewField

C.Mask.sha1(myOtherField)

C.os - System Functions


C.os.hostname()
Returns hostname of system running this Cribl instance.

C.Mask - Data Masking Functions


C.Mask.CC
(method) Mask.CC(value: string, unmasked?: number, maskChar?: string): string
Check that value could be a valid credit card number and mask a subset of the value. By default all digits except the last 4 will be replaced with X.
@param - value - a string whose digits to mask iff it could be a valid credit card number
@param - unmasked - number of unmasked digits, positive for left, negative for right, 0 for none
@param - maskChar - a string/char to replace a digit with

C.Mask.IMEI
(method) Mask.IMEI(value: string, unmasked?: number, maskChar?: string): string
Check that value could be a vlaid IMEI number and mask a subset of the value. By default all digits except the last 4 will be replaced with X.
@param - value - a string whose digits to mask iff it could be a valid IMEI number
@param - unmasked - number of unmasked digits, positive for left, negative for right, 0 for none
@param - maskChar - a string/char to replace a digit with

C.Mask.isCC
(method) Mask.isCC(value: string): boolean
Checks that the given value could be a valid credit card number, by computing the string's Lunh's checksum modulo 10 == 0
@param - value - a string to check for being a valid credit card number

C.Mask.isIMEI
(method) Mask.isIMEI(value: string): boolean
Checks that the given value could be a valid IMEI number, by computing the string's Lunh's checksum modulo 10 == 0
@param - value - a string to check for being a valid IMEI number

C.Mask.luhn
(method) Mask.luhn(value: string, unmasked?: number, maskChar?: string): string
Check that value Lunh's checksum moad 10 is 0 and mask a subset of the value. By default all digits except the last 4 will be replaced with X. If the value's Lunh's checksum mod 10 is not 0, then the value is returned unmodified.
@param - value - a string whose digits to mask iff the value's Lunh's checksum mod 10 is 0
@param - unmasked - number of unmasked digits, positive for left, negative for right, 0 for none
@param - maskChar - a string/char to replace a digit with

C.Mask.LUHN_SUB
(property) Mask.LUHN_SUB: any

C.Mask.luhnChecksum
(method) Mask.luhnChecksum(value: string, mod?: number): number
Generates the Luhn checksum (used to validate certain credit card numbers, imei etc) By default the mod 10 of the checksum is returned, pass mod = 0 to get actual checksum
@param - value a string whose digits you want to perform the Lunh checksum on
@param - mod return checksum module this number, if 0 skip modulo, default is 10

C.Mask.md5
(method) Mask.md5(value: string, len?: string | number): string
Generate MD5 hash of given value
@param - value compute hash of this
@param - len length of hash to return: 0 for full hash, a +number for left or a -number for right substring. If a string is passed it's length will be used

C.Mask.random
(method) Mask.random(len?: string | number): string
Generates a random alphanumeric string
@param - len a number indicating the length or the result, or if a string use it's length

C.Mask.REDACTED
(property) Mask.REDACTED: string
The literal 'REDACTED'

C.Mask.repeat
(method) Mask.repeat(len?: string | number, char?: string): string
Generates a repeating char/string pattern, e.g XXXX
@param - len a number indicating the length or the result, or if a string use it's length
@param - char pattern which to repeat len times

C.Mask.sha1
(method) Mask.sha1(value: string, len?: string | number): string
Generate SHA1 hash of given value
@param - value compute hash of this
@param - len length of hash to return: 0 for full hash, a +number for left or a -number for right substring. If a string is passed it's length will be used

C.Encode - Data encoding functions


C.Encode.base64
(method) Encode.base64(val: any, trimTrailEq?: boolean): string
Returns a base64 representation of the given string or Buffer
@param - val value to base64 encode
@param - trimTrailEq whether to trim any trailing =

C.Encode.hex
(method) Encode.hex(val: string | number): string
Rounds the number to an integer and returns it's hex representation (lower case). If a string is provided it will be parsed into a number or NaN.
@param - val value to convert to hex

C.Encode.uri
(method) Encode.uri(val: string): string
Returns the uri encoded representation of the given string
@param - val value to uri encode

C.Decode - Data decoding functions


C.Decode.base64
(method) Decode.base64(val: string, resultEnc?: string): any
Performs base64 decoding of the given string and returns a string or Buffer depending on resultEnc value, which defaults to 'utf8'
@param - val value to base64 decode
@param - resultEnc encoding to use to convert the binary data to a string. defaults to 'utf8', use 'buffer' if you need the binary data in a Buffer

C.Decode.hex
(method) Decode.hex(val: string): number
Performs hex to number conversion. Returns NaN if value cannot be converted to a number
@param - val hex string to parse to a number (eg. 0xcafe)

C.Decode.uri
(method) Decode.uri(val: string): string
Performs uri decoding of the given string
@param - val value to uri decode