Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is it possible to filter all values in certain fields from our access logs to nullQueue?

Norling80
Path Finder
‎10-28-2015 06:34 AM

Hey,

We have a regular access log file with fields named UserAgent and Method. Is it possible to send all data in those fields to the nullqueue?

0 Karma
Reply

woodcock
Esteemed Legend
‎10-29-2015 01:01 PM

As @aholzer said, this is not possible but you can anonymize it as documented here:

http://docs.splunk.com/Documentation/Splunk/6.2.0/Data/Anonymizedatausingconfigurationfiles

0 Karma
Reply

aholzer
Motivator
‎10-28-2015 08:16 AM

I don't think so. But you should look into masking data.

You'll have to define regex, to detect what you are looking for, and provide what you want to replace it with.

Hope this helps.

Reply

Norling80
Path Finder
‎10-28-2015 08:49 AM

Thanks, we will look into that.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...