All Apps and Add-ons

DB Connect 3: reformat/encrypt fields data before submit to HEC for indexing

langlv
Engager

Hi ninjas,

 

I am using DB Connect 2.x for getting data from DB to Splunk. There are some sensitive fields which are not allowed to show in clear text, hence I had to hash/encrypt the data before indexing in Splunk.

 

I tried to hash/encrypt the fields in SQL, but it turned out very high CPU consumption in DB. I solved this issue by modified DB Connect 2.x code (in Python) to encrypt field data before sending to event stream. This also helped to scale out the computation to a cluster of heavy forwarders. But with DB Connect 3.x I am unable to do that.

 

Are there any solution to hash/encrypt the field data before indexing to Splunk using DB Connect 3.x ? Something like adding a custom handler to process the data/result set from DB before DBX 3.x sending the events to HEC.

I am going to upgrade to DBX 3.x because of its performance and stability.  I found the same requirement in this post but no solution yet (https://answers.splunk.com/answers/488681/can-splunk-db-connect-reformat-data-before-indexin.html)

 

Thank you very much.

Lang

 

 

Labels (2)
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...