Hey,
We have a regular access log file with fields named UserAgent and Method. Is it possible to send all data in those fields to the nullqueue?
I don't think so. But you should look into masking data.
You'll have to define regex, to detect what you are looking for, and provide what you want to replace it with.
Hope this helps.
Thanks, we will look into that.
As @aholzer said, this is not possible but you can anonymize it as documented here:
anonymize
http://docs.splunk.com/Documentation/Splunk/6.2.0/Data/Anonymizedatausingconfigurationfiles
