Getting Data In

Data Anonimization - Multiple transforms not working for single _raw event

nareshinsvu
Builder

Hi Punters,

 I am facing issues with Data Anonimization. Below are my conf files. My transforms.conf anonimizes the data if my _raw event have any one regex pattern. But it's not anonimizing my _raw event if it has both the regex patterns. Need help please.

 

xml-anonymizer also doesn't work if my _raw event is having JSON message. But it works fine if the _raw event is a normal line.

 

props.conf

[dp_logs_multiline]
CHECK_METHOD = modtime
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
LINE_BREAKER=([\r\n]+)\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}.\d{3}
category = Custom
disabled = false
pulldown_type = 1
MAX_TIMESTAMP_LOOKAHEAD = 24
TIME_FORMAT = %Y-%m-%d %H:%M:%S.%3N
TIME_PREFIX = ^
TRANSFORMS-anonymize = json-anonymizer, xml-anonymizer
ANNOTATE_PUNCT = false
TRUNCATE = 100000
MAX_EVENTS = 10000

transforms.conf

[json-anonymizer]
REGEX = (?ms)^(.*\"[sS]hippingAddress\"\s+\:\s+\{)[\s\S]*?(\}.*)$
FORMAT = $1#########JSON PCC DATA ANONIMIZED#############$2
REPEAT_MATCH = true
MV_ADD = true
DEST_KEY = _raw

[xml-anonymizer]
REGEX = (?ms)^(.*\<[bB]illTo\>)[\s\S]*?(\<\/[rR]equestMessage\>.*)$
FORMAT = $1#########XML PCC DATA ANONIMIZED#############$2
REPEAT_MATCH = true
MV_ADD = true
DEST_KEY = _raw

Labels (3)
0 Karma

thambisetty
SplunkTrust
SplunkTrust

Did you try two SEDCMD-class1, SEDCMD-class2. you don't need to have transforms.conf. Having multiple transforms will always be a problem.

————————————
If this helps, give a like below.
0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk Cloud Platform 9.1.2308?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2308! Analysts can ...

Index This | Why do they call it hyper text?

November 2023 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk

For the past three years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...