Is user-based data masking possible for one-index ...

isha_rastogi · ‎02-04-2016

I have different users who will be accessing a index. Problem is I want User "A" to access the original data but for User "B" data would be masked for same index. I tried to create the Python script to mask the information but how to invoke the script on user-session.

renjith_nair · ‎02-04-2016

User role is assigned on index level and hence all or none will be affected. There are two ways you can try

Forward data simultaneously to another index with and mask it (License meter counts)
Run a search to populate a summary index from the original one after masking and give the user access to only summary index (no extra license needed)

---
What goes around comes around. If it helps, hit it with Karma 🙂

isha_rastogi · ‎02-05-2016

What if user wants to see raw events with masked data? I believe summary indexing will be able to produce report or search for fields which are creating summary index.

Is user-based data masking possible for one-index .

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation