Native Cribl LogStream function methods can be found under C.* and can be invoked from any function that allows for expression evaluations. For example, to create a field that is the SHA1 of a another field's value you can use the Eval function:
myNewField
C.Mask.sha1(myOtherField)
C.Crypto - Data encryption and decryption functions
C.Crypto.decrypt
method Crypto.decrypt(value: string): string
Decrypt all occurrences of ciphers in the given value. Instances that cannot be decrypted (for any reason) are left intact.
@param - value - string where to look for ciphers
@returns - - value with ciphers decrypted
C.Crypto.encrypt
(method) Crypto.encrypt(value: any, keyclass: number, keyId?: string, defaultVal?: string): string
Encrypt the given value with the keyId or a keyId picked up automatically based on keyclass
@param {string | Buffer} value - what to encrypt
@param - keyclass - if keyId isn't specified, pick one at the given keyclass.
@param - keyId - encryption keyId, takes precedence over keyclass
@param - defaultVal - what to return if encryptions fails for any reason, if unspecified the original value is returned
@returns - - if encryption succeeds the encrypted value, otherwise defaultVal if specifier, otherwise value.
C.Decode - Data decoding functions
C.Decode.base64
(method) Decode.base64(val: string, resultEnc?: string): any
Performs base64 decoding of the given string and returns a string or Buffer depending on resultEnc value, which defaults to 'utf8'
@param - val value to base64 decode
@param - resultEnc encoding to use to convert the binary data to a string. defaults to 'utf8', use 'utf8-valid' to validate result is valid UTF8, use 'buffer' if you need the binary data in a Buffer.
C.Decode.gzip
(method) Decode.gzip(value: any, encoding?: string): string
Gunzip the supplied value.
@param - value The value to gunzip.
@param - encoding Encoding of value, for example: 'base64', 'hex', 'utf-8', 'binary'; default is 'base64'. If data received as Buffer (from gzip with encoding:'none') decoding is skipped.
C.Decode.hex
(method) Decode.hex(val: string): number
Performs hex to number conversion. Returns NaN if value cannot be converted to a number
@param - val hex string to parse to a number (eg. 0xcafe)
C.Decode.uri
(method) Decode.uri(val: string): string
Performs uri decoding of the given string
@param - val value to uri decode
C.Encode - Data encoding functions
C.Encode.base64
(method) Encode.base64(val: any, trimTrailEq?: boolean): string
Returns a base64 representation of the given string or Buffer
@param - val value to base64 encode
@param - trimTrailEq whether to trim any trailing =
C.Encode.gzip
(method) Encode.gzip(value: string, encoding?: string): any
Gzip and optionally base64 encode the supplied value.
@param - value The value to gzip.
@param - encoding Encoding of value, for example: 'base64', 'hex', 'utf-8', 'binary', 'none'; default is 'base64'. If 'none' is specified data will be returned as a Buffer.
C.Encode.hex
(method) Encode.hex(val: string | number): string
Rounds the number to an integer and returns it's hex representation (lower case). If a string is provided it will be parsed into a number or NaN.
@param - val value to convert to hex
C.Encode.uri
(method) Encode.uri(val: string): string
Returns the uri encoded representation of the given string
@param - val value to uri encode
C.env - Environment
C.env
(property) env: {[key: string]: string;}
An object containing the environment variables
C.Lookup - Inline Lookup Functions
C.Lookup - Exact Lookup
(property) Lookup: (file: string, primaryKey?: string, otherFields?: string[]) => InlineLookup
Returns an instance of a lookup to use inline
C.LookupCIDR - CIDR Lookup
(property) Lookup: (file: string, primaryKey?: string, otherFields?: string[]) => InlineLookup
Returns an instance of a CIDR lookup to use inline
C.LookupRegex - Regex Lookup
(property) Lookup: (file: string, primaryKey?: string, otherFields?: string[]) => InlineLookup
Returns an instance of a Regex lookup to use inline
(method) InlineLookup.match(value: string, fieldToReturn?: string): any
@param - value the value to lookup
@param - fieldToReturn name of the lookup file field to return
E.g., C.Lookup('lookup-exact.csv', 'foo').match('abc', 'bar')
Return the value of field bar if field foo matches abc.
Example 1: C.LookupCIDR('lookup-cidr.csv', 'foo').match('192.168.1.1', 'bar')
Return the value of field bar if the CIDR range in foo includes 192.168.1.1.
Example 2: C.LookupCIDR('lookup-cidr.csv', 'cidr').match(hostIP, 'location')
Example 3: C.LookupRegex('lookup-regex.csv', 'foo').match('manchester', 'bar')
Return the value of field bar if the Regex in foo matches the string manchester.
C.Mask - Data Masking Functions
C.Mask.CC
(method) Mask.CC(value: string, unmasked?: number, maskChar?: string): string
Check that value could be a valid credit card number and mask a subset of the value. By default all digits except the last 4 will be replaced with X.
@param - value - a string whose digits to mask iff it could be a valid credit card number
@param - unmasked - number of unmasked digits, positive for left, negative for right, 0 for none
@param - maskChar - a string/char to replace a digit with
C.Mask.IMEI
(method) Mask.IMEI(value: string, unmasked?: number, maskChar?: string): string
Check that value could be a vlaid IMEI number and mask a subset of the value. By default all digits except the last 4 will be replaced with X.
@param - value - a string whose digits to mask iff it could be a valid IMEI number
@param - unmasked - number of unmasked digits, positive for left, negative for right, 0 for none
@param - maskChar - a string/char to replace a digit with
C.Mask.isCC
(method) Mask.isCC(value: string): boolean
Checks that the given value could be a valid credit card number, by computing the string's Lunh's checksum modulo 10 == 0
@param - value - a string to check for being a valid credit card number
C.Mask.isIMEI
(method) Mask.isIMEI(value: string): boolean
Checks that the given value could be a valid IMEI number, by computing the string's Lunh's checksum modulo 10 == 0
@param - value - a string to check for being a valid IMEI number
C.Mask.luhn
(method) Mask.luhn(value: string, unmasked?: number, maskChar?: string): string
Check that value Lunh's checksum moad 10 is 0 and mask a subset of the value. By default all digits except the last 4 will be replaced with X. If the value's Lunh's checksum mod 10 is not 0, then the value is returned unmodified.
@param - value - a string whose digits to mask iff the value's Lunh's checksum mod 10 is 0
@param - unmasked - number of unmasked digits, positive for left, negative for right, 0 for none
@param - maskChar - a string/char to replace a digit with
C.Mask.LUHN_SUB
(property) Mask.LUHN_SUB: any
C.Mask.luhnChecksum
(method) Mask.luhnChecksum(value: string, mod?: number): number
Generates the Luhn checksum (used to validate certain credit card numbers, imei etc) By default the mod 10 of the checksum is returned, pass mod = 0 to get actual checksum
@param - value a string whose digits you want to perform the Lunh checksum on
@param - mod return checksum module this number, if 0 skip modulo, default is 10
C.Mask.md5
(method) Mask.md5(value: string, len?: string | number): string
Generate MD5 hash of given value
@param - value compute hash of this
@param - len length of hash to return: 0 for full hash, a +number for left or a -number for right substring. If a string is passed it's length will be used
C.Mask.random
(method) Mask.random(len?: string | number): string
Generates a random alphanumeric string
@param - len a number indicating the length or the result, or if a string use it's length
C.Mask.REDACTED
(property) Mask.REDACTED: string
The literal 'REDACTED'
C.Mask.repeat
(method) Mask.repeat(len?: string | number, char?: string): string
Generates a repeating char/string pattern, e.g XXXX
@param - len a number indicating the length or the result, or if a string use it's length
@param - char pattern which to repeat len times
C.Mask.sha1
(method) Mask.sha1(value: string, len?: string | number): string
Generate SHA1 hash of given value
@param - value - compute hash of this
@param - len - length of hash to return: 0 for full hash, a +number for left or a -number for right substring. If a string is passed it's length will be used
C.Net - Network Functions
C.Net.cidrMatch()
(method) Net.cidrMatch(cidrIpRange: string, ipAddress: string): boolean
Determines if the supplied IPv4 ipAddress is inside the range of addresses identified by cidrIpRange. For example: C.Net.cidrMatch ('10.0.0.0/24', '10.0.0.100') returns true
@param - cidrIpRange - IPv4 address range in cidr format. E.g., 10.0.0.0/24
@param - ipAddress - The IPv4 IP address to test for inclusion in cidrIpRange
C.Net.ipv6Normalize()
(method) Net.ipv6Normalize(address: string): string
Normalize an IPV6 address based on RFC draft-ietf-6man-text-addr-representation-04
@param - address - the IPV6 address to normalize
C.Net.isPrivate()
(method) Net.isPrivate(address: string): string
Determine if the supplied IPv4 address is in the range of private addresses per RFC1819.
@param - address - address to test
C.os - System Functions
C.confVersion
Returns Cribl LogStream config version.
C.os.hostname()
Returns hostname of system running this Cribl LogStream instance.
C.Schema - Schema Functions
C.Schema()
(property) Schema: (id: string) => SchemaValidator
(method) SchemaValidator.validate(data: any): boolean
Validates the given object against the schema
@param - data object to be validated
@returns - true when schema is valid, otherwise false
e.g., C.Schema('schema1').validate(myField) will validate if myField object conforms schema1 .
See Schema Library for more details.
C.Text - Text Functions
C.Text.entropy()
(method) Text.entropy(bytes: any): number
Computes the Shannon entropy of the given buffer or string.
@param - bytes - value to compute Shanon entropy of.
@returns - the entropy value or -1 in case of an error.
C.Text.hashCode()
(method) Text.hashCode(val: string | Buffer | number): number
Computes hashcode (djb2) of the given value.
@param - val - value to compute the hash of
@returns - hashcode value
C.Text.isASCII()
(method) Text.isASCII(bytes: any): boolean
Checks whether all bytes or chars are in the ASCII printable range.
@param - bytes - value to check for character range.
@returns - true if all chars/bytes are within ASCII printable range, false otherwise.
C.Text.isUTF8()
(method) Text.isUTF8(bytes: any): boolean
Checks whether the given Buffer contains valid UTF8
@param - bytes - bytes to check.
@returns - true if bytes are UTF8, false otherwise.
C.Text.relativeEntropy()
(method) Text.relativeEntropy(bytes: any, modelName?: string): number
Computes the relative entropy of the given buffer or string
@param - bytes - value to compute relative entropy of
@param - string modelName - The name of the model to test string with.
@returns - the relative entropy value or -1 in case of an error
C.Time - Time Functions
C.Time.strftime()
(method) Time.strftime(date: number | Date, format: string, utc?: boolean): string
Format a [Date][1] or number as a time string using [strftime specifier][2] [1]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date [2]: https://github.com/d3/d3-time-format#api-reference
@param - date - Date object or number (seconds since epoc) to format
@param - format - specifier to use to format the date
@param - utc - whether to output the time in UTC rather than local timezone
@returns - representation of the given date
C.Time.strptime()
(method) Time.strptime(str: string, format: string, utc?: boolean, strict?: boolean): Date
Extract time from a string using [strptime specifier][2] - if successful a [Date][1] object is returned otherwise null. [1]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date [2]: https://github.com/d3/d3-time-format#locale_format
@param - str - string to parse to a timestamp (see strict flag)
@param - format - strptime specifier
@param - utc - whether to interpret times as UTC rather than local time
@param - strict - whether to return null if there are any extra characters after timestamp
@returns - the parsed date or null if the specifier did not match
C.Time.timestampFinder()
(method) Time.timestampFinder(utc?: boolean): AutoTimeParser
C.vars - Global Variables
See Global Variables Library for more details.
C.version - Cribl LogStream Version
(property) version: string
Cribl LogStream Version
Updated about a month ago