I'm testing the data-mask feature by anonymizing the numbers in the brackets: splunk[9085] but it's not working
Is my regex expression incorrect? (generated using an online tool - https://regex101.com/)
Guide: https://docs.splunk.com/Documentation/Splunk/6.1.4/Data/Anonymizedatausingconfigurationfiles
Sample Log:
Aug 12 09:22:00 forwarder splunk[9085]: #011Checking default conf files for edits...
Forwarder configurations:
props.conf:
[linux_logs]
TRANSFORMS-anonymize = dhclient-anonymizer
transforms.conf:
[dhclient-anonymizer]
REGEX = splunk\[(\d+)\]
FORMAT = $1splunk[####]$2
DEST_KEY = _raw
... View more