Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Masking

uagraw01
Motivator
‎09-05-2021 09:05 AM

Hello SPlunkers!!

 

I want to mask below client secret event and for that i am using SEDCMD in props.conf. It is working fine in lab environment. But whenever i have used to deploy this changes in the production it is not working. Please guide me what i am doing wrong here9

Below i have used.( SEDCMD i am using in Props)

SEDCMD-client-secret-1=s/client_secret=([A-Za-z0-9-.%#()_]+)/client_secret=********/g

Below is my event:

grant_type=client_credentials&client_id=dcqac926-6f0f-4784-bd5f-09fa13aeb73b&client_secret=.PM8o5kUF.R562yrqahj35_Lr6F%7

 

Thanks in advance

0 Karma
Reply

uagraw01
Motivator
‎09-06-2021 02:19 AM

Please help on this as i need to make the changes as soon as possible.

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎09-05-2021 10:01 AM

It's a bit too little information to tell what's wrong.

Are you sure you're defining this sedcmd for the right sourcetype/source?

In case of a bigger architecture than all-in-one - are you deploying it in the proper place on the event's path? (on the ingest path, not on the search-head)

Do your events in prod environment look exactly the same as your lab ones?

0 Karma
Reply

uagraw01
Motivator
‎09-05-2021 10:32 AM

@PickleRick  Yes all the sourcetype settings are correct and i am picking for correct source and my deployment across deployment slaves are also correct.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...