Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

sed cmd to anonymize data

cafissimo
Communicator
‎12-17-2010 01:25 PM

Hello, I have a source that contains events like these:

"MONEY LEFT: 1.000,00"
"MONEY LEFT: 000,00"
"MONEY LEFT: 350,00"
"MONEY LEFT: 1290,00"
"MONEY LEFT: 50,00"

What I would like to do is to anonymize the amount of money left (1.000,00 000,00 350,00 and so on). The output desired is

"MONEY LEFT: XXX,XX"

I tried with a sed command like these:

SEDCMD-nomoney = s/MONEY\sLEFT:\s(\S+)/MONEY LEFT: XXX,XX/g</

but it does not work all. Maybe the sed command need to know how many characters are going to be substituted? I mean that I cannot use (\S+)

Thanks for help,

Luca Caldiero Consoft Sistemi S.p.A.

Tags (3)
0 Karma
Reply

thiru53
New Member
‎12-20-2011 01:30 AM

Hi,
After adding above statement in props.conf file, how can we check it, whether it can work or not through SplunkWeb.

0 Karma
Reply

TheGU
Path Finder
‎12-19-2010 04:46 PM

Try :

SEDCMD-nomoney = s/MONEY LEFT: [\d\.\,]*/MONEY LEFT: XXX,XX/g
0 Karma
Reply

ziegfried
Influencer
‎12-17-2010 03:50 PM

The SED expression looks good to me. Can you post the whole stanza from your props.conf? Are you sure the sourcetype/source matches?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...