I am trying to write a search to look for credit card numbers in logs (for the PCI requirement 3.1, of course 🙂)
I came across this:
Which is said to match most credit card data, but I am struggling to find a way to translate this into a Splunk search.
Can anybody help?
You can define this as a search-time extracted field and do searches for events where that field has a value.
Taking your regex above, and plugging it into transforms.conf like so:
Then referencing it in props.conf:
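As an added example (not from this thread, and not the regex the question refers to), here is the same idea outside Splunk: a constructed pattern pulls 13 to 19 digit candidates out of log lines, a Luhn check drops the timestamps and order ids a plain regex would also flag, and the finding is masked so the search result does not become one more place the PAN is stored. The sample log lines are constructed for the example.

```python
import re

# Candidate: 13 to 19 digits, optionally separated by single spaces or dashes.
# Constructed for this example; it is not the regex from the question.
CARD_CANDIDATE = re.compile(r"(?<![\d-])(?:\d[ -]?){12,18}\d(?![\d-])")

# Constructed sample log; 4111... and 3782... are well-known test card numbers.
SAMPLE_LOG = [
    "2024-01-05T10:00:01Z checkout user=alice pan=4111111111111111 amount=19.99",
    "2024-01-05T10:00:02Z order_id=1234567890123456 status=ok ts=1704448801000",
    "2024-01-05T10:00:03Z refund card=3782-822463-10005 amount=5.00",
    "2024-01-05T10:00:04Z health check ok",
]


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep the first six and last four digits, mask everything in between."""
    return digits[:6] + "X" * (len(digits) - 10) + digits[-4:]


def find_card_numbers(line):
    """Return masked PANs found in one log line; candidates failing Luhn are dropped."""
    hits = []
    for m in CARD_CANDIDATE.finditer(line):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(mask(digits))
    return hits


def scan_log(lines):
    """Return (line_number, masked_pan) pairs for every Luhn-valid candidate."""
    findings = []
    for n, line in enumerate(lines, start=1):
        for pan in find_card_numbers(line):
            findings.append((n, pan))
    return findings


if __name__ == "__main__":
    for n, pan in scan_log(SAMPLE_LOG):
        print(f"line {n}: possible PAN {pan}")
```

Line 2 shows why the Luhn step matters: both the 16-digit order id and the 13-digit epoch timestamp match the regex but fail the check, so they are not reported.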