I would like to automate Splunk Logs to make sure user detail is marked.
Note: We are capturing and displaying user detail in JSON Response Body.
Hi @DrashtiPatel144,
as @richgalloway said, you should be more detailed in this question and share a sample of your logs .
Anyway, as you can read at https://docs.splunk.com/Documentation/Splunk/9.0.0/Data/Anonymizedata you can anonymize your data at index time and they remain maked in the Splunk archive, or at search time.
In addition (we did it for a customer) is also possible to preparse logs encrypting data (using a script with a certificate) before indexing, in this way, data are stored encrypted, but it's also possible (only with a request of judiciaire) to reverse the encryption for legal investigations.
What do you want to perform?
I can help you in the first two actions, not on the last because a colleague did it.
Ciao.
Giuseppe
Please tell us more about what you want to accomplish. Are you referring to Splunk's internal logs or your own logs you've stored in Splunk? What user detail do you want to mask?