I'm trying to mask the IP address from the below sample syslog per the following guide but it's just not working. Is my regex expression wrong? I'm no regex guru so I'm generating the regex expression from online tools.
http://docs.splunk.com/Documentation/Splunk/6.0.2/Data/Anonymizedatausingconfigurationfiles
Sample Log:
Apr 11 10:47:30 192.168.1.1 stingray_xml_slave: ....
pref.conf:
[syslog]
TRANSFORMS-anonymize = testing
transforms.conf:
[testing]
REGEX = \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
FORMAT = $1#####$2
DEST_KEY = _raw
I also tried the following Regex expresion generated by txt2re.com with no luck either:
((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))(?![\\d])
... View more