Splunk Search

How do we automate the Splunk log to make sure user detail is masked or not?

DrashtiPatel144
New Member

I would like to automate Splunk logs to make sure user detail is masked.

Note: We are capturing and displaying user detail in JSON Response Body. 

0 Karma

gcusello
SplunkTrust

Hi @DrashtiPatel144,

As @richgalloway said, you should be more detailed in this question and share a sample of your logs.

Anyway, as you can read at https://docs.splunk.com/Documentation/Splunk/9.0.0/Data/Anonymizedata, you can anonymize your data at index time, so that it remains masked in the Splunk archive, or at search time.

In addition (we did it for a customer), it is also possible to pre-parse logs, encrypting data (using a script with a certificate) before indexing. In this way, data are stored encrypted, but it's also possible (only with a request from the judiciary) to reverse the encryption for legal investigations.

What do you want to perform?

I can help you with the first two actions, not with the last, because a colleague did it.

Ciao.

Giuseppe

0 Karma
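One way to automate the check asked about in this thread, as an added example that is not from any of the posters: a Python script that parses JSON events, such as the results of a Splunk search exported as raw JSON, and reports every field whose user detail is not masked. The field names, the mask convention (a value fully replaced by `*`, `X` or `#`) and the sample events are assumptions constructed for illustration.

```python
import json
import re

# Assumptions: the thread names neither the fields nor the mask format.
SENSITIVE_KEYS = {"email", "phone", "ssn", "username"}
MASKED = re.compile(r"^[*Xx#]+$")             # value fully replaced by mask chars
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

# Constructed sample events (JSON response bodies as they might be logged).
SAMPLE_EVENTS = [
    '{"status": 200, "body": {"user": {"email": "*****", "phone": "XXXXXXXXXX"}}}',
    '{"status": 200, "body": {"user": {"email": "jane@example.com", "phone": "XXXXXXXXXX"}}}',
    '{"status": 500, "body": {"error": "lookup failed for bob@example.com", '
    '"user": {"ssn": "#########"}}}',
]

def walk(node, path=""):
    """Yield (path, value) for every scalar leaf of a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from walk(value, f"{path}[{index}]")
    else:
        yield path, node

def unmasked_fields(event):
    """Return the sorted paths in one raw JSON event that expose user detail."""
    findings = set()
    for path, value in walk(json.loads(event)):
        text = "" if value is None else str(value)
        key = re.sub(r"\[\d+\]$", "", path).rsplit(".", 1)[-1].lower()
        if key in SENSITIVE_KEYS and text and not MASKED.match(text):
            findings.add(path)                # sensitive field left in clear text
        elif EMAIL.search(text):
            findings.add(path)                # detail leaked into another field
    return sorted(findings)

def audit(events):
    """Map event index -> unmasked paths, only for events that fail the check."""
    return {i: found for i, event in enumerate(events)
            if (found := unmasked_fields(event))}

if __name__ == "__main__":
    for index, paths in audit(SAMPLE_EVENTS).items():
        print(f"event {index}: unmasked user detail at {', '.join(paths)}")
```

Run on a schedule against a fresh export, a non-empty `audit` result is the signal that the masking rule missed a field or that a new field carries user detail.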

richgalloway
SplunkTrust

Please tell us more about what you want to accomplish.  Are you referring to Splunk's internal logs or your own logs you've stored in Splunk?  What user detail do you want to mask?

---
If this reply helps you, Karma would be appreciated.
0 Karma