Hello,
This is a large topic with a variety of ways to implement it. There was a .conf presentation detailing a few different ways to do this. You seem to be looking for pseudonymous obfuscation, so look out for those options in the slides: https://conf.splunk.com/files/2017/slides/data-obfuscation-and-field-protection-in-splunk.pdf
edit: Here is the above video for better context:
https://conf.splunk.com/files/2017/recordings/data-obfuscation-and-field-protection-in-splunk.mp4
Splunk provides their own documentation at: https://docs.splunk.com/Documentation/Splunk/7.2.5/Data/Anonymizedata
There, they detail one of the easiest ways using a props and transforms regex:
To mask sensitive data, you need the following items:
Data that you want to anonymize
An understanding of how regular expressions work.
An inputs.conf file, with a configuration that tells Splunk Enterprise where this data is located
A transforms.conf file that does the data masking
A props.conf file that references the transforms.conf file for the data that you want to mask
Finally, if you only want to obfuscate the data at search time, you can implement a data scrub inline with your search:
https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Scrub
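The three files listed in the answer above, sketched as an added example that is not from the original post or from Splunk's documentation. The monitored path, the sourcetype `app_accounts`, the stanza name `mask-ssn`, the class name `anonymize` and the `ssn=` field layout are assumptions for illustration.

```ini
# ---- inputs.conf ----
# Tells Splunk where the data lives and assigns it a sourcetype.
# Path and sourcetype name are hypothetical.
[monitor:///var/log/app/accounts.log]
sourcetype = app_accounts

# ---- props.conf ----
# Binds the masking transform to every event of that sourcetype.
# "anonymize" is an arbitrary class name; "mask-ssn" must match the
# stanza name in transforms.conf.
[app_accounts]
TRANSFORMS-anonymize = mask-ssn

# ---- transforms.conf ----
# Constructed sample event this pattern is written for:
#   2019-05-01T10:15:00Z user=jdoe ssn=123-45-6789 action=login
[mask-ssn]
# Group 1 keeps everything up to and including "ssn=".
# The first five digits are matched but not captured, so they are dropped.
# Group 2 keeps the last four digits and the rest of the event.
# The pattern rewrites one ssn= value per event.
REGEX = (?m)^(.*ssn=)\d{3}-\d{2}(-\d{4}.*)$
# Rebuild the event with a fixed mask in place of the dropped digits.
FORMAT = $1XXX-XX$2
# Write the result back over the raw event text before it is indexed.
DEST_KEY = _raw
```

The props and transforms settings take effect where events are parsed (an indexer or heavy forwarder), and only for data indexed after the change. Events that were already indexed keep their original values.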