Splunk Dev

Can I create an eval function using a python script?

zchandikaz
New Member

I know how to mask data at indexing time using EVAL and SEDCMD.
But there are more logics I need to consider.

Can I mask data using python script at indexing time or is there any method like that or can I create an eval function using a python script?

Labels (1)
0 Karma

livehybrid
Super Champion

Using Splunk Enterprise you wouldnt be able to do this if you're ingesting through the typical mechanisms. 

The only thing that I can think of that would allow you to do this is using Splunk Data Stream Processor (DSP) - which allows you to create custom functions to apply to data streams and could be used for encryption/masking etc.

https://docs.splunk.com/Documentation/DSP/1.1.0/User/PluginSDK

 

0 Karma
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...