Archive
Highlighted

Can the scrub command be used to scrub only the driver license field from results?

Path Finder

I need to pass log data to another applications, but because of security concerns, I need to scrub only the driver license from the results.
Can the scrub command be used to only scrub the driver license without changing the name of the customer?

Tags (2)
0 Karma
Highlighted

Re: Can the scrub command be used to scrub only the driver license field from results?

Splunk Employee
Splunk Employee

Hi @chintan_shah,
Although it does not involve the "scrub" command, here is some info on anonymizing data being indexed, using a regular expression or sed script:
http://docs.splunk.com/Documentation/Splunk/6.4.1/Data/Anonymizedata

You might also consider the options in this topic about anonymizing data samples:
http://docs.splunk.com/Documentation/Splunk/6.4.1/Troubleshooting/AnonymizedatasamplestosendtoSuppor...

Hope this helps!

0 Karma
Highlighted

Re: Can the scrub command be used to scrub only the driver license field from results?

Motivator

Hello,

I prefer going through the docs posted by @frobinson[Splunk] first.

To give you an idea, use this run anywhere example. This is search time

|gentimes start=-1|eval First="Raghav",Last="Gomatham",LicenseID="123456789"|rex mode=sed field=LicenseID "s/\d+/XXXXXXXXX/g"

To set it in props.conf, use the sourcetype of the data

[sourcetype]
SEDCMD-license = s/\d+/XXXXXXXXX/g and bounce the service.

Hope this helps!

Thanks,
Raghav

0 Karma