Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create regex that indexes time masking maintaining string length vol. III

bruncio
Loves-to-Learn Lots
‎03-31-2022 07:14 AM

Hi all,
as in the previous posts I and II I'd like to anonymize names of cities and to keep the length of a string.
The nature of logs is quite complex. I'm sharing the part in question:

2022-03-31 15:23:11,210 INFO ...
 - ... 381 lines omitted ...
F_AUSWEISENDE=12.02.2022 
F_AUSWEISNUMMER=A2A2A2AAA
F_BEHOERDE=Berlin
F_BV_FREITEXTANTRAG= ---------------

What I'd like to get is:

2022-03-31 15:23:11,210 INFO ...
 - ... 381 lines omitted ...
F_AUSWEISENDE=12.02.2022 
F_AUSWEISNUMMER=A2A2A2AAA
F_BEHOERDE=XXXXXX
F_BV_FREITEXTANTRAG= ---------------

Sometimes, unfortunately, the names are more complex and include processing errors:

F_BEHOERDE=Stadt Rastatt B\xFCrgerb\xFCro
then I'd like to get:
F_BEHOERDE=XXXXX XXXXXXX XXXXXXXXXXXXXXXX

I've managed to create the regex which anonymizes city names but doesn't keep the length of them. If the dynamic version is not possible. Probably I will need to stick with this:

s/F_BEHOERDE=.*/F_BEHOERDE=XXXXX/g

 I'll be grateful for any hints

Labels (1)
Labels
Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...