Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Masking

uagraw01
Motivator
‎09-05-2021 09:05 AM

Hello SPlunkers!!

 

I want to mask below client secret event and for that i am using SEDCMD in props.conf. It is working fine in lab environment. But whenever i have used to deploy this changes in the production it is not working. Please guide me what i am doing wrong here9

Below i have used.( SEDCMD i am using in Props)

SEDCMD-client-secret-1=s/client_secret=([A-Za-z0-9-.%#()_]+)/client_secret=********/g

Below is my event:

grant_type=client_credentials&client_id=dcqac926-6f0f-4784-bd5f-09fa13aeb73b&client_secret=.PM8o5kUF.R562yrqahj35_Lr6F%7

 

Thanks in advance

0 Karma
Reply

uagraw01
Motivator
‎09-06-2021 02:19 AM

Please help on this as i need to make the changes as soon as possible.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎09-05-2021 10:01 AM

It's a bit too little information to tell what's wrong.

Are you sure you're defining this sedcmd for the right sourcetype/source?

In case of a bigger architecture than all-in-one - are you deploying it in the proper place on the event's path? (on the ingest path, not on the search-head)

Do your events in prod environment look exactly the same as your lab ones?

0 Karma
Reply

uagraw01
Motivator
‎09-05-2021 10:32 AM

@PickleRick  Yes all the sourcetype settings are correct and i am picking for correct source and my deployment across deployment slaves are also correct.

0 Karma
Reply
Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...