Mask a Credit Card from a CSV file using transform...

cesar_tomas · ‎03-25-2019

Hi Everyone,

I am new at masking data and I want to mask a field wich corresponds to a TDC from a CSV file.

Here are sample of data that is already indexed in Splunk:

10,I,T10,4152312098821234,05/05/2018,12:43:12 a. m.," $1,000.00 "
19,R,T19,4152312098348591,05/05/2018,09:43:12 a. m.," $1,900.00 "

If you look the third field is the credit card number.

I have set the next things in Transforms.conf

[tdc-anonymizer]
REGEX = ^(?:[^,\n]*,){3}
FORMAT = \d{4}########\d{4}
DEST_KEY = _raw

I have set the next in propf.conf

[csv]
REPORT-anonymize = tdc-anonymizer

But it does not work, can anyone please help me ??

I have also try this pair of options in transforms.conf but do not work too

[tdc-anonymizer]
REGEX = ^(?:[^,\n]*,){3}$
FORMAT = $1\d{4}########\d{4}$2
DEST_KEY = _raw

[tdc-anonymizer]
REGEX = ^(?:[^,\n]*,){3}$(?P\d{16})
FORMAT = $1\d{4}########\d{4}$2
DEST_KEY = _raw

Thanks in advance

harsmarvania57 · ‎03-27-2019

Do you want to mask already indexed data or you want to mask new data which will ingest into splunk ? If you want to mask already indexed data then it is not possible because you can't alter indexed data in bucket.

cesar_tomas · ‎03-25-2019

I forgot to mention that I want the format like the 4 digits of the credit card visible and the last 4 digits too.

Example of the first occurrency

HOw is it now: 4152312098821234
How i want it: 4152########1234

Regards

Mask a Credit Card from a CSV file using transforms and props files

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk