Hey, sorry for all the messages asks but curious here:Does Cribl provide functionality to compute a network flow hash according to the Community ID Flow Hash specification for given fields and provide the output to a new field? https://www.elastic.co/guide/en/beats/filebeat/current/community-id.html
Page 1 / 1
This is not a built-in function. Possibly(?) you could accomplish it in a Code function. Would depend heavily on if you could do it with base Typescript (JS) functions, or require external libraries (not good)
<@ULBGHDPNY> Any potential for this to be included in future releases of Cribl? This seems to be a common function that would be really useful for customers
From what i can gather (1st time ever running across it), it seems like a pretty simple function. A Code function would not be required. Assuming you have `srcIp`, `dstIp`, `proto`, `srcPort`, `dstPort` and a seed value, very straightforward to do this with Eval:`cidfh` => `C.Mask.sha1(seed + srcIp + dstIp + proto + 0 + srcPort + dstPort,16)`
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.