I have stream source data which goes over the Nexus xx then over the (Gigamon) network then to a stream (Linux)forwarder. However sensitive data are not being masked. Please advise what would need to done to mask such data.
I have created a folder under /opt/splunkforwarder/etc/apps called tracfone_SHF_passwordmask_props with SEDCMD-maskPassword = s/PasswordText\">(?<aaa>[^<]*)/PasswordText\">*****/g.However this is not working. Should this props be added under /opt/splunkforwarder/etc/apps/tracfone_forwarders_streamunder /opt/splunkforwarder/etc/apps/tracfone_forwarders_stream