All Apps and Add-ons

Masking stream data before indexing

Engager

I have stream source data which goes over the Nexus xx then over the (Gigamon) network then to a stream (Linux)forwarder.  However sensitive data are not being masked.  Please advise what would need to done to mask such data. 

Labels (1)

Engager

I have created a folder under /opt/splunkforwarder/etc/apps called tracfone_SHF_passwordmask_props with SEDCMD-maskPassword = s/PasswordText\">(?<aaa>[^<]*)/PasswordText\">*****/g.

However this is not working.  

Should this props be added under /opt/splunkforwarder/etc/apps/tracfone_forwarders_streamunder /opt/splunkforwarder/etc/apps/tracfone_forwarders_stream

0 Karma

SplunkTrust
SplunkTrust

See https://docs.splunk.com/Documentation/Splunk/8.0.6/Data/Anonymizedata

---
If this reply helps you, an upvote would be appreciated.
0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!