Splunk Search

How do we automate the splunk log to make sure user detail is masked or not?

DrashtiPatel144
New Member

I would like to automate Splunk Logs to make sure user detail is marked.

Note: We are capturing and displaying user detail in JSON Response Body. 

 

 

Labels (1)
0 Karma

gcusello
Esteemed Legend

Hi @DrashtiPatel144,

as @richgalloway said, you should be more detailed in this question and share a sample of your logs .

Anyway, as you can read at https://docs.splunk.com/Documentation/Splunk/9.0.0/Data/Anonymizedata you can anonymize your data at index time and they remain maked in the Splunk archive, or at search time.

In addition (we did it for a customer) is also possible to preparse logs encrypting data (using a script with a certificate) before indexing, in this way, data are stored encrypted, but it's also possible (only with a request of judiciaire) to reverse the encryption for legal investigations.

What do you want to perform?

I can help you in the first two actions, not on the last because a colleague did it.

Ciao.

Giuseppe

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Please tell us more about what you want to accomplish.  Are you referring to Splunk's internal logs or your own logs you've stored in Splunk?  What user detail do you want to mask?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Splunk Education - Fast Start Program!

Welcome to Splunk Education! Splunk training programs are designed to enable you to get started quickly and ...

Five Subtly Different Ways of Adding Manual Instrumentation in Java

You can find the code of this example on GitHub here. Please feel free to star the repository to keep in ...

New Splunk APM Enhancements Help Troubleshoot Your MySQL and NoSQL Databases Faster

Splunk Observability has two new enhancements to make it quicker and easier to troubleshoot slow or frequently ...