We have couple of credit card data in splunk and we need to remove those from the splunk. I am using the below query to search for cc data and remove it from splunk.
sourcetype="logs" (ccNumber=0* OR ccNumber=1* OR ccNumber=2* OR ccNumber=3* OR ccNumber=4* OR ccNumber=5* OR ccNumber=6* OR ccNumber=7* OR ccNumber=8* OR ccNumber=9*) | delete
Even running this query i am seeing credit card data in splunk. I am just a beginner on regex and i couldnt use it. I would appreciate if you can help me in query for removing these data.
NOTE- Few ccNumber fields are already hashed out.
