I have a CSV input and want to anonymize data, but with SEDCMD it only works for _raw field. The fields created from indexed_extractions are not anonymized.
The fields of the CSV vary and the pattern I need to anonymize can occur in multiple fields.
Does anybody have a hint for me?
My colleague Johannes @jeffland had a similar issue, and provides a working solution here: https://answers.splunk.com/answers/312173/how-can-i-anonymize-fields-of-data-that-has-underg.html
The approach of modifying _meta directly should help you with looking for a pattern in varying fields.