I have an XML file that looks something like this:
<?xml version="1.0" encoding="utf-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<update_identity_request xmlns="">
<firstName>test</firstName>
<lastName>data</lastName>
<preferredLanguage>en_US</preferredLanguage>
<password>3bcgh014</password>
<shipState>CA</shipState>
<shipCountry>USA</shipCountry>
</update_identity_request>
</updateOIMIdentity>
</soapenv:Body>
</soapenv:Envelope>
and i'm trying to mask the password. I have the following in transforms
[password-anonymizer]
REGEX = (?ms)^(.*\<password>)\w+(.*)$
FORMAT = $1##########$2
DEST_KEY = _raw
and also this in props.conf
[masks_password]
TRANSFORMS-anonymize = password-anonymizer
tested my regex in https://regex101.com/ and it seems to be working fine too.
Did you put both these files on every indexer
and then restart Splunk on each one?
Also is masks_password
the sourcetype
of the events that you wish to modify? If not, you need to change the string in your stanza header of props.conf
.
Did you put both these files on every indexer
and then restart Splunk on each one?
Also is masks_password
the sourcetype
of the events that you wish to modify? If not, you need to change the string in your stanza header of props.conf
.
hadn't restarted the indexer. thanks very much
Hello guys,
your regex works really well if you don't use alphanumeric characters. Can you help me find a regex to use with a password that contains alphanumeric characters?
Thanks in advance.