Splunk Search

How do we automate the splunk log to make sure user detail is masked or not?

DrashtiPatel144
New Member

I would like to automate Splunk Logs to make sure user detail is marked.

Note: We are capturing and displaying user detail in JSON Response Body. 

 

 

Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @DrashtiPatel144,

as @richgalloway said, you should be more detailed in this question and share a sample of your logs .

Anyway, as you can read at https://docs.splunk.com/Documentation/Splunk/9.0.0/Data/Anonymizedata you can anonymize your data at index time and they remain maked in the Splunk archive, or at search time.

In addition (we did it for a customer) is also possible to preparse logs encrypting data (using a script with a certificate) before indexing, in this way, data are stored encrypted, but it's also possible (only with a request of judiciaire) to reverse the encryption for legal investigations.

What do you want to perform?

I can help you in the first two actions, not on the last because a colleague did it.

Ciao.

Giuseppe

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Please tell us more about what you want to accomplish.  Are you referring to Splunk's internal logs or your own logs you've stored in Splunk?  What user detail do you want to mask?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...