
Is there a way to replace a certain number of characters with a wildcard in a search query? The asterisk (*) is unfortunately too unspecific for my purposes.


In other query languages there is for example the "?" for a character, or in regex the ".{n}" quantifier, where "n" is the number of characters.


A typical application would be the detection of a base64 encoded single char variable assignment like this:


thus having a search query like this would be very helpful:

script_text="*JAB?AD0A*"

Hi Markus,

The search doesn't use Regex, but at least both * and ? should work (https://docs.logpoint.com/docs/search-query-language/en/latest/Search%20Query%20Language/Simple%20Search.html#wildcards). So the query string you mention, *JAB?AD0A*, should work perfectly fine. Unless there is some other issue going on with special characters etc.?

For more complicated stuff there's my old friend, the eval process plugin. Its match comparison function should be able to do anything you like with Regular Expressions - it's not the easiest to use but powerful. See https://docs.logpoint.com/docs/evaluation-process-plugin/en/latest/Conditional%20and%20Comparison%20functions.html#match for an example.


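As an added illustration of both posts above (not code from either poster or from Logpoint), the following Python script shows why the `*JAB?AD0A*` pattern works and where it breaks. It assumes the wildcard semantics the answer links to (`*` matches any run of characters, `?` exactly one), re-implements them as a regex for offline testing, and runs them over constructed sample events. The helper names, the `script_text` field and the sample values are all assumptions made for this example.

```python
import base64
import binascii
import re

def wildcard_to_regex(pattern: str) -> re.Pattern:
    """Translate a simple-search wildcard pattern into an anchored regex.

    Assumption: '*' matches any run of characters (including none) and '?'
    matches exactly one character, as the linked wildcard documentation states.
    Everything else is matched literally.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.DOTALL)

def wildcard_match(pattern: str, value: str) -> bool:
    return wildcard_to_regex(pattern).match(value) is not None

def encode_powershell(cmd: str) -> str:
    """Encode a command the way PowerShell -EncodedCommand expects:
    UTF-16LE text, then base64. '$a=' becomes 'JABhAD0A', which is why the
    single-character wildcard sits exactly where the variable name lands."""
    return base64.b64encode(cmd.encode("utf-16le")).decode("ascii")

# Constructed sample events (not real telemetry). Event 5 starts with a space,
# which shifts the base64 alignment so the literal 'JAB?AD0A' substring no
# longer appears even though the script still assigns a one-letter variable.
SAMPLE_EVENTS = [
    {"id": 1, "script_text": encode_powershell("$a='x'; Write-Output $a")},
    {"id": 2, "script_text": encode_powershell("$ab=1")},          # two-letter name
    {"id": 3, "script_text": "Write-Output 'hello'"},              # not encoded
    {"id": 4, "script_text": encode_powershell("$Z=1")},
    {"id": 5, "script_text": encode_powershell(" $a=1")},          # misaligned
]

def find_matches(pattern: str, events) -> list:
    """IDs of events whose script_text satisfies the wildcard pattern."""
    return [e["id"] for e in events if wildcard_match(pattern, e["script_text"])]

# Decode-then-inspect alternative: immune to base64 alignment, at the cost of
# needing the regex-capable path (the eval/match approach the answer mentions).
ASSIGNMENT_RE = re.compile(r"\$[A-Za-z_]\s*=")

def decode_powershell(value: str):
    """Return the decoded script, or None if the field is not base64/UTF-16LE."""
    try:
        raw = base64.b64decode(value, validate=True)
        return raw.decode("utf-16le")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None

def find_decoded_assignments(events) -> list:
    """IDs of events whose decoded script contains a single-letter assignment."""
    hits = []
    for e in events:
        decoded = decode_powershell(e["script_text"])
        if decoded is not None and ASSIGNMENT_RE.search(decoded):
            hits.append(e["id"])
    return hits

if __name__ == "__main__":
    print("wildcard hits:", find_matches("*JAB?AD0A*", SAMPLE_EVENTS))
    print("decoded hits: ", find_decoded_assignments(SAMPLE_EVENTS))
```

Running it shows the wildcard query catching events 1 and 4 but missing event 5: a base64 substring only stays stable when the interesting bytes start at a multiple of three, so a single leading character changes every character of the encoded text. Decoding the field first and matching on the plaintext (events 1, 4 and 5) is the more robust detection, which is what the regex-capable match function in the answer makes possible.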