Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Masking

uagraw01
Motivator
‎09-05-2021 09:05 AM

Hello SPlunkers!!

 

I want to mask below client secret event and for that i am using SEDCMD in props.conf. It is working fine in lab environment. But whenever i have used to deploy this changes in the production it is not working. Please guide me what i am doing wrong here9

Below i have used.( SEDCMD i am using in Props)

SEDCMD-client-secret-1=s/client_secret=([A-Za-z0-9-.%#()_]+)/client_secret=********/g

Below is my event:

grant_type=client_credentials&client_id=dcqac926-6f0f-4784-bd5f-09fa13aeb73b&client_secret=.PM8o5kUF.R562yrqahj35_Lr6F%7

 

Thanks in advance

0 Karma
Reply

uagraw01
Motivator
‎09-06-2021 02:19 AM

Please help on this as i need to make the changes as soon as possible.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎09-05-2021 10:01 AM

It's a bit too little information to tell what's wrong.

Are you sure you're defining this sedcmd for the right sourcetype/source?

In case of a bigger architecture than all-in-one - are you deploying it in the proper place on the event's path? (on the ingest path, not on the search-head)

Do your events in prod environment look exactly the same as your lab ones?

0 Karma
Reply

uagraw01
Motivator
‎09-05-2021 10:32 AM

@PickleRick  Yes all the sourcetype settings are correct and i am picking for correct source and my deployment across deployment slaves are also correct.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...