Getting Data In
Highlighted

anonymize before indexed_extractions

Communicator

Hi,

I have a CSV input and want to anonymize data, but with SEDCMD it only works for raw field. The fields created from indexedextractions are not anonymized.
The fields of the CSV vary and the pattern I need to anonymize can occur in multiple fields.

Does anybody have a hint for me?

Best regards,
Thomas

0 Karma
Highlighted

Re: anonymize before indexed_extractions

SplunkTrust
SplunkTrust

My colleague Johannes @jeffland had a similar issue, and provides a working solution here: https://answers.splunk.com/answers/312173/how-can-i-anonymize-fields-of-data-that-has-underg.html
The approach of modifying _meta directly should help you with looking for a pattern in varying fields.

0 Karma