I have a CSV input and want to anonymize data, but with SEDCMD it only works for the raw field. The fields created from INDEXED_EXTRACTIONS are not anonymized.
The fields of the CSV vary and the pattern I need to anonymize can occur in multiple fields.
Does anybody have a hint for me?
My colleague Johannes @jeffland had a similar issue, and provides a working solution here: https://answers.splunk.com/answers/312173/how-can-i-anonymize-fields-of-data-that-has-underg.html
The approach of modifying _meta directly should help you with looking for a pattern in varying fields.