I have stream source data which goes over the Nexus xx then over the (Gigamon) network then to a stream (Linux)forwarder. However sensitive data are not being masked. Please advise what would need to done to mask such data.
I have created a folder under /opt/splunkforwarder/etc/apps called tracfone_SHF_passwordmask_props with SEDCMD-maskPassword = s/PasswordText\">(?<aaa>[^<]*)/PasswordText\">*****/g.
However this is not working.
Should this props be added under /opt/splunkforwarder/etc/apps/tracfone_forwarders_streamunder /opt/splunkforwarder/etc/apps/tracfone_forwarders_stream
See https://docs.splunk.com/Documentation/Splunk/8.0.6/Data/Anonymizedata