Hello,
I have a problem with a Splunk search. What I need to do is to do a search from the fields containing CC numbers. I have tried the example from the Splunk tutorial:
| rex field=ccnumber mode=sed "s/(\d{4}-){3}/XXXX-XXXX-XXXX-/g"
And I modified it as:
| rex field=kreditnakatica mode=sed "s/(\d{4}){3}/XXXXXXXXXXXX/g"
so as to accommodate my field name and the CC format with no hyphens, but it does not work. Overall, I seem to have a problem understanding what kind of regex Splunk would accept, as e.g. it does not accept regexes such as \d{16}.
Thank you and cheers!
Hi, I managed to solve the problem by circumventing it--just used Python to produce the xxxx-xxxx-xxxx-xxxx CC numbers and then applied the upper code.
Hi, I needed to anonymize the data. It works with the xxxx-xxxx-xxxx-xxxx CC format, and the example from the tutorial works fine, but for the xxxxxxxxxxxxx format I am not able to modify the example. My solution was to modify the log to have an xxxx-...-xxxx format input and then use the out-of-the-box Splunk tutorial example.
somesoni2
That's great. Alternatively you could use | rex field=kreditnakatica mode=sed "s/(\d{12})/XXXXXXXXXXXX/g"
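An added example, not part of the original thread: a Python version of the preprocessing route mentioned above, masking the first 12 digits of a 16-digit card number before the log is indexed. It goes beyond the thread by handling both the hyphenated and the unhyphenated format, skipping longer digit runs, and optionally requiring a valid Luhn checksum; the function names and sample events are constructed for illustration.

```python
import re

# 16 digits as one run or as four groups of four joined by hyphens, not
# embedded in a longer digit run. Group 1 is the part to hide, group 2 the
# last four digits that stay visible.
CARD_RE = re.compile(r"(?<!\d)((?:\d{4}-?){3})(\d{4})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:      # every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_cards(text: str, require_luhn: bool = True) -> str:
    """Mask the first 12 digits of each card number found in text."""
    def _mask(m: re.Match) -> str:
        digits = (m.group(1) + m.group(2)).replace("-", "")
        if require_luhn and not luhn_ok(digits):
            return m.group(0)   # likely an order id or similar: leave as is
        hidden = re.sub(r"\d", "X", m.group(1))   # hyphens are preserved
        return hidden + m.group(2)
    return CARD_RE.sub(_mask, text)


# Constructed sample events; 4111111111111111 is a widely used test number.
SAMPLE = [
    "user=ana kreditnakatica=4111111111111111 amount=12.50",
    "user=bo kreditnakatica=4111-1111-1111-1111 amount=3.00",
    "user=cy order=1234567890123456 amount=7.00",
    "user=di ref=41111111111111112222 amount=1.00",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(mask_cards(line))
```

Passing `require_luhn=False` masks every 16-digit run, which trades false positives for the guarantee that no card number with a mistyped digit slips through unmasked.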
strive
Are you trying to anonymize the credit card number? Do you need simple extraction or do you need to anonymize the data?
Can you post your log event?