Can the scrub command be used to scrub only the dr...

chintan_shah · ‎06-17-2016

I need to pass log data to another applications, but because of security concerns, I need to scrub only the driver license from the results.
Can the scrub command be used to only scrub the driver license without changing the name of the customer?

Raghav2384 · ‎06-17-2016

Hello,

I prefer going through the docs posted by @frobinson[Splunk] first.

To give you an idea, use this run anywhere example. This is search time

|gentimes start=-1|eval First="Raghav",Last="Gomatham",LicenseID="123456789"|rex mode=sed field=LicenseID "s/\d+/XXXXXXXXX/g"

To set it in props.conf, use the sourcetype of the data

[sourcetype]
SEDCMD-license = s/\d+/XXXXXXXXX/g and bounce the service.

Hope this helps!

Thanks,
Raghav

frobinson_splun · ‎06-17-2016

Hi @chintan_shah,
Although it does not involve the "scrub" command, here is some info on anonymizing data being indexed, using a regular expression or sed script:
http://docs.splunk.com/Documentation/Splunk/6.4.1/Data/Anonymizedata

You might also consider the options in this topic about anonymizing data samples:
http://docs.splunk.com/Documentation/Splunk/6.4.1/Troubleshooting/AnonymizedatasamplestosendtoSuppor...

Hope this helps!

Can the scrub command be used to scrub only the driver license field from results?

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)