Splunk Search

How to create a regex expression to mask the input?

poddraj
Explorer

Hi,
Can someone help with regex expression to mask the below kind of pattern. I need this pattern of text to be masked wherever I find it in my events.

12/KQXA/123456/ABXY --> **************ABXY 
11/VAXA/123456    /VAQY --> **************VAQY 
00/LCXA/545232/GYFT --> **************GYFT 
0 Karma

manjunathmeti
Champion

Try this query:

| makeresults | eval _raw="12/KQXA/123456/ABXY --> SPLUNKAAAAAAAAABXY" | append [| makeresults | eval _raw="11/VAXA/123456/VAQY      --> AAXZAAAAAAAAAAVAQY" ] | append [| makeresults | eval _raw="00/LCXA/545232/GYFT --> A1AAAAAX50AAAAAGYFT"] | rex field=_raw mode=sed "s/\w{14}/***************/g"
Get Updates on the Splunk Community!

Video | Welcome Back to Smartness, Pedro

Remember Splunk Community member, Pedro Borges? If you tuned into Episode 2 of our Smartness interview series, ...

Detector Best Practices: Static Thresholds

Introduction In observability monitoring, static thresholds are used to monitor fixed, known values within ...

Expert Tips from Splunk Education, Observability in Action, Plus More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...