Hi ninjas,
I am using DB Connect 2.x for getting data from DB to Splunk. There are some sensitive fields which are not allowed to show in clear text, hence I had to hash/encrypt the data before indexing in Splunk.
I tried to hash/encrypt the fields in SQL, but it turned out very high CPU consumption in DB. I solved this issue by modified DB Connect 2.x code (in Python) to encrypt field data before sending to event stream. This also helped to scale out the computation to a cluster of heavy forwarders. But with DB Connect 3.x I am unable to do that.
Are there any solution to hash/encrypt the field data before indexing to Splunk using DB Connect 3.x ? Something like adding a custom handler to process the data/result set from DB before DBX 3.x sending the events to HEC.
I am going to upgrade to DBX 3.x because of its performance and stability. I found the same requirement in this post but no solution yet (https://answers.splunk.com/answers/488681/can-splunk-db-connect-reformat-data-before-indexin.html)
Thank you very much.
Lang