Getting Data In

anonymize before indexed_extractions



I have a CSV input and want to anonymize data, but with SEDCMD it only works for _raw field. The fields created from indexed_extractions are not anonymized.
The fields of the CSV vary and the pattern I need to anonymize can occur in multiple fields.

Does anybody have a hint for me?

Best regards,

0 Karma


My colleague Johannes @jeffland had a similar issue, and provides a working solution here:
The approach of modifying _meta directly should help you with looking for a pattern in varying fields.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!