DB Connect 3: reformat/encrypt fields data before ...

All Apps and Add-ons

Hi ninjas,

I am using DB Connect 2.x for getting data from DB to Splunk. There are some sensitive fields which are not allowed to show in clear text, hence I had to hash/encrypt the data before indexing in Splunk.

I tried to hash/encrypt the fields in SQL, but it turned out very high CPU consumption in DB. I solved this issue by modified DB Connect 2.x code (in Python) to encrypt field data before sending to event stream. This also helped to scale out the computation to a cluster of heavy forwarders. But with DB Connect 3.x I am unable to do that.

Are there any solution to hash/encrypt the field data before indexing to Splunk using DB Connect 3.x ? Something like adding a custom handler to process the data/result set from DB before DBX 3.x sending the events to HEC.

I am going to upgrade to DBX 3.x because of its performance and stability. I found the same requirement in this post but no solution yet (https://answers.splunk.com/answers/488681/can-splunk-db-connect-reformat-data-before-indexin.html)

Thank you very much.

Lang

Get Updates on the Splunk Community!

DB Connect 3: reformat/encrypt fields data before submit to HEC for indexing

development

troubleshooting

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?