Splunk Search

Help regex for masking

mishutts
Explorer

Hi,

Can someone please help me regex a password field to mask data?

I've been trying to figure out how to mask the password in the following example;

  • npx violation-comments-to-cloud-command-line -username JoeSmith@company.com -password abcdef78 -ws walace -rs ttcc-lsls -prid 1441 -v CHECKSTYLE . '.*/reports/filename-goes-here-results.xml$' ESLint -keep-old-comments true -www1 true

I've tried many variations but it either deletes the remainder of the event or doesn't work.

[password-anonymizer]
REGEX =(?m)^(-password\s).*$
FORMAT = $1########
DEST_KEY = _raw

Thanks

Labels (1)
0 Karma
1 Solution

to4kawa
Ultra Champion

related answer: https://answers.splunk.com/answers/824299/anonymize-data-from-json-file.html

 [password-anonymizer]
 REGEX = (?m)(.*-password )\w+(.*)
 FORMAT = $1#######$2
 DEST_KEY =_raw

For DEST_KEY =_raw , you should keep all text in the event by REGEX.

@richgalloway 's way or my way, As you wish.

https://docs.splunk.com/Documentation/Splunk/latest/Data/Anonymizedata

View solution in original post

0 Karma

to4kawa
Ultra Champion

related answer: https://answers.splunk.com/answers/824299/anonymize-data-from-json-file.html

 [password-anonymizer]
 REGEX = (?m)(.*-password )\w+(.*)
 FORMAT = $1#######$2
 DEST_KEY =_raw

For DEST_KEY =_raw , you should keep all text in the event by REGEX.

@richgalloway 's way or my way, As you wish.

https://docs.splunk.com/Documentation/Splunk/latest/Data/Anonymizedata

0 Karma

mishutts
Explorer

Thank you. This worked like a charm.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Try using SEDCMD in your props.conf file.

[mysourcetype]
SEDCMD-maskpw = s/-password -w+/-password ########/
---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...