Use the iscc function to determine whether a given string is a valid credit card number. This function checks the string against known credit card number patterns and applies a checksum verification (typically the Luhn algorithm) to validate the structure and integrity of the input.
You can use iscc when analyzing logs that may contain sensitive data to detect accidental leakage of credit card information. It’s also useful when filtering or sanitizing input data, monitoring suspicious behavior, or validating form submissions in telemetry data.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Splunk SPL doesn’t provide a built-in function for validating credit card numbers. To perform similar validation, you typically rely on regular expressions and manual checksum implementations using eval or custom search commands.
datatable(card:string)
[
'4111111111111111',
'1234567890123456'
]
| extend is_cc = iscc(card)ANSI SQL does not define a standard function for credit card validation. You must use a combination of pattern matching with LIKE or REGEXP, plus a user-defined function to implement checksum validation.
datatable(card:string)
[
'4111111111111111',
'1234567890123456'
]
| extend is_cc = iscc(card)Usage
Syntax
iscc(value)Parameters
| Name | Type | Description |
|---|---|---|
| value | string | The string to evaluate for validity. |
Returns
A bool value:
trueif the input string is a valid credit card number.falseotherwise.
Example
Query
['sample-http-logs']
| extend has_credit_card = iscc('4111111111111111')
| project _time, has_credit_cardOutput
| _time | has_credit_card |
|---|---|
| 2025-07-10T10:42:00 | true |