Splunk Enterprise

Anonymizing (Masking) Data Using SEDCMD

computermathguy
Path Finder

As a test, I first created some credit card numbers using a Python script.

I placed the script, along with inputs and props, on the search head. I only placed props on the indexers.

The following SEDCMD will mask the 1st and 3rd sets of 4 digits. The two groups (2nd and 4th sets of 4 digits) will not be masked.

props:
[cc_generator]
SEDCMD-maskcc = s/\d{4}-(\d{4})-\d{4}-(\d{4})/xxxx-\1-xxxx-\2/g 

inputs:
[script://./bin/my_cc_generator.py]
interval = */30 * * * *
sourcetype = cc_generator
disabled = 0
index = mypython

output:
xxxx-9874-xxxx-9484
0 Karma
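
An offline check of the masking expression from the post above, as an added example that is not part of the original thread: it applies the same sed expression to constructed sample events and reports Luhn-valid 16-digit numbers that remain readable. Python's `re` stands in for Splunk's regex engine here (an assumption), and the function names and sample events are hypothetical.

```python
import re

# The sed expression from the post's props.conf stanza, copied verbatim.
SEDCMD = r"s/\d{4}-(\d{4})-\d{4}-(\d{4})/xxxx-\1-xxxx-\2/g"
# Any 16 digits, optionally separated by single spaces or hyphens.
CARD_LIKE = re.compile(r"(?<!\d)\d(?:[ -]?\d){15}(?!\d)")
# Constructed sample events using well-known test card numbers.
SAMPLE_EVENTS = [
    "user=alice card=4111-1111-1111-1111",
    "user=bob card=4111 1111 1111 1111",
    "user=carol card=5555555555554444",
    "user=dave order=1001 card=5555-5555-5555-4444",
]

def apply_sedcmd(expr, event):
    """Apply an s/pattern/replacement/flags expression (no '/' inside) to one event."""
    _, pattern, replacement, flags = expr.split("/")
    count = 0 if "g" in flags else 1  # 'g' replaces every match, otherwise only the first
    return re.sub(pattern, replacement, event, count=count)

def luhn_ok(digits):
    """Luhn checksum, used to ignore 16-digit runs that cannot be card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def residual_cards(event):
    """Return card-like, Luhn-valid numbers still readable in an event."""
    found = (m.group() for m in CARD_LIKE.finditer(event))
    return [n for n in found if luhn_ok(re.sub(r"\D", "", n))]

def audit(events, expr=SEDCMD):
    """Mask each event, then list whatever full card numbers survived."""
    masked = [apply_sedcmd(expr, ev) for ev in events]
    return [(ev, residual_cards(ev)) for ev in masked]

if __name__ == "__main__":
    for event, leaked in audit(SAMPLE_EVENTS):
        print("LEAK" if leaked else "ok  ", event)
```

The space-separated and unseparated numbers come through unmasked because the expression only matches hyphen-delimited groups, so test data should cover every format the real source can emit.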

ITWhisperer
SplunkTrust

Is there a question here?

0 Karma

computermathguy
Path Finder

Yes..... Is there a way to implement masking globally? If not, I assume we have to add each sourcetype in props.

0 Karma

PickleRick
SplunkTrust

You could attach your props to some wildcarded host or source stanza but that's something I'd be very careful about. It's a very non-obvious configuration and can be a huge pain to debug issues.

0 Karma