Hello SPlunkers!!
I want to mask below client secret event and for that i am using SEDCMD in props.conf. It is working fine in lab environment. But whenever i have used to deploy this changes in the production it is not working. Please guide me what i am doing wrong here9
Below i have used.( SEDCMD i am using in Props)
SEDCMD-client-secret-1=s/client_secret=([A-Za-z0-9-.%#()_]+)/client_secret=********/g
Below is my event:
grant_type=client_credentials&client_id=dcqac926-6f0f-4784-bd5f-09fa13aeb73b&client_secret=.PM8o5kUF.R562yrqahj35_Lr6F%7
Thanks in advance
Please help on this as i need to make the changes as soon as possible.
It's a bit too little information to tell what's wrong.
Are you sure you're defining this sedcmd for the right sourcetype/source?
In case of a bigger architecture than all-in-one - are you deploying it in the proper place on the event's path? (on the ingest path, not on the search-head)
Do your events in prod environment look exactly the same as your lab ones?
@PickleRick Yes all the sourcetype settings are correct and i am picking for correct source and my deployment across deployment slaves are also correct.