I need to pass log data to another applications, but because of security concerns, I need to scrub only the driver license from the results.
Can the scrub command be used to only scrub the driver license without changing the name of the customer?
Although it does not involve the "scrub" command, here is some info on anonymizing data being indexed, using a regular expression or sed script:
You might also consider the options in this topic about anonymizing data samples:
Hope this helps!
I prefer going through the docs posted by @frobinson[Splunk] first.
To give you an idea, use this run anywhere example. This is search time
|gentimes start=-1|eval First="Raghav",Last="Gomatham",LicenseID="123456789"|rex mode=sed field=LicenseID "s/\d+/XXXXXXXXX/g"
To set it in props.conf, use the sourcetype of the data
SEDCMD-license = s/\d+/XXXXXXXXX/g and bounce the service.