Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk AppDynamics
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Splunk Platform
- :
- Splunk AppDynamics
- :
- Re: Java app-agent-config.xml - use of regex to ma...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Alex_Oliveira
Engager
09-16-2022
02:16 AM
Hi,
I'm trying to use match-pattern - regex inside the app-agent-config.xml in our java microservice, but it does not work properly.
E.g.:
<sensitive-url-filter delimiter="/"
segment="3,4,5,6"
match-filter="REGEX"
match-pattern=":"
param-pattern="myParam|myAnotherParam"/>this should mask selected segments that contains : but it masks everything.
If I do match-pattern="=" it works as expected (masking segment that contains "=" in the string)
Another examples that do not work (they mask everything):
match-pattern=":"
match-pattern="\x3A" (3A is ":" in ASCII table)
match-pattern="[^a-z¦-]+" (should return true if there is anything other than lower letters and "-")
match-pattern=":|="
Thank you
Best regards,
Alex Oliveira
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Kenji_Kumada
Path Finder
10-04-2022
01:10 AM
Hi @Alex.Oliveira,
I have checked the implementation for this URL filtering feature in the Java agent in version 22.9.0, the latest version as of now. This feature matches the specified "match-pattern" against the whole URL, not against each segment content. After finding matches against the URL, it masks the segments specified in the configuration regardless of the segments' content.
I tested your configuration
<sensitive-url-filter delimiter="/"
segment="3,4,5,6"
match-filter="REGEX"
match-pattern=":"
param-pattern="myParam|myAnotherParam"/>with this URL
http://dummy.com:443/seg2/seg3/seg4/seg5/seg6/seg7?myParam=1&yourParam=2It resulted in
http://dummy.com:443/seg2/*****/*****/*****/*****/seg7?myParam=*****&yourParam=2
This is because `:` matches in the http protocol and segments 3, 4, 5 and 6 are specified.
When I changed match-patter from ":" to "=", the result was the same
http://dummy.com:443/seg2/*****/*****/*****/*****/seg7?myParam=*****&yourParam=2This is because '=' matches in the last segment `seg7?myParam=1&yourParam=2`.
This is different from the result you described when you put match-pattern=":". This may be due to different java agent versions or different java environments. If you share information about your environment and example URLs, maybe we can investigate further.
Best regards,
Kenji
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Kenji_Kumada
Path Finder
10-04-2022
01:10 AM
Hi @Alex.Oliveira,
I have checked the implementation for this URL filtering feature in the Java agent in version 22.9.0, the latest version as of now. This feature matches the specified "match-pattern" against the whole URL, not against each segment content. After finding matches against the URL, it masks the segments specified in the configuration regardless of the segments' content.
I tested your configuration
<sensitive-url-filter delimiter="/"
segment="3,4,5,6"
match-filter="REGEX"
match-pattern=":"
param-pattern="myParam|myAnotherParam"/>with this URL
http://dummy.com:443/seg2/seg3/seg4/seg5/seg6/seg7?myParam=1&yourParam=2It resulted in
http://dummy.com:443/seg2/*****/*****/*****/*****/seg7?myParam=*****&yourParam=2
This is because `:` matches in the http protocol and segments 3, 4, 5 and 6 are specified.
When I changed match-patter from ":" to "=", the result was the same
http://dummy.com:443/seg2/*****/*****/*****/*****/seg7?myParam=*****&yourParam=2This is because '=' matches in the last segment `seg7?myParam=1&yourParam=2`.
This is different from the result you described when you put match-pattern=":". This may be due to different java agent versions or different java environments. If you share information about your environment and example URLs, maybe we can investigate further.
Best regards,
Kenji
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Alex_Oliveira
Engager
10-05-2022
05:37 PM
Hi Kenji,
I didn't realize that the regex would consider the full url.
Now I did a proper regex taking this into consideration.
Thank you
Get Updates on the Splunk Community!
New This Month - Splunk Observability updates and improvements for faster ...
What’s New?
This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...
What's New in Splunk Cloud Platform 9.3.2411?
Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...
Buttercup Games: Further Dashboarding Techniques (Part 6)
This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
