Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to create regex that indexes time masking maintaining string length vol. III

bruncio
Engager
‎03-31-2022 07:14 AM

Hi all,
as in the previous posts I and II I'd like to anonymize names of cities and to keep the length of a string.
The nature of logs is quite complex. I'm sharing the part in question:

2022-03-31 15:23:11,210 INFO ...
 - ... 381 lines omitted ...
F_AUSWEISENDE=12.02.2022 
F_AUSWEISNUMMER=A2A2A2AAA
F_BEHOERDE=Berlin
F_BV_FREITEXTANTRAG= ---------------

What I'd like to get is:

2022-03-31 15:23:11,210 INFO ...
 - ... 381 lines omitted ...
F_AUSWEISENDE=12.02.2022 
F_AUSWEISNUMMER=A2A2A2AAA
F_BEHOERDE=XXXXXX
F_BV_FREITEXTANTRAG= ---------------

Sometimes, unfortunately, the names are more complex and include processing errors:

F_BEHOERDE=Stadt Rastatt B\xFCrgerb\xFCro
then I'd like to get:
F_BEHOERDE=XXXXX XXXXXXX XXXXXXXXXXXXXXXX

I've managed to create the regex which anonymizes city names but doesn't keep the length of them. If the dynamic version is not possible. Probably I will need to stick with this:

s/F_BEHOERDE=.*/F_BEHOERDE=XXXXX/g

 I'll be grateful for any hints

Labels (1)
Labels
Tags (2)
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Event Series: Splunk Observability Metrics Cost Optimization

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...