Using request or response content as data sources

When you specify an HTTP request or response as the data source for a custom field, you can access the body content of web traffic. Accessing the body content is useful when you want to search for a specific string on a page, such as an error message, or extract any other meaningful value embedded in a page, such as a customer ID or dollar amount.

The system examines the first 128 KB of content of any HTTP request or response and ignores the rest.

Note

Any confidentiality policies do not apply to the content that is captured from the request or response.

You can configure this feature to capture sensitive information (for example, credit card numbers). You can require explicit authorization from a Security user before enabling an extraction that accesses sensitive information. Subsequent changes to an authorized extraction by anyone other than the creator of the extraction rule can disable the extraction if the modified extraction jeopardizes confidentiality.

After the system extracts the data, you can modify it before storing in the session record. The system supports a variety of built-in transformations, such as substring extraction, regular expressions (regexp), and lookup mappings.

To require authorization to enable an extraction

  1. In the

    The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

    component, point to Administration > Security settings, and then click Services.
  2. On the Services page, select Require approval for header & content extraction.

Related topic

Adding-an-extraction-rule-to-a-custom-field

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*