×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
brahma9030
Loves-to-Learn Lots
Member since: ‎11-06-2023
‎04-22-2024
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-06-2023
View All

Re: Masking credit card number and expiration dat...

by SplunkTrust in Splunk Enterprise
‎01-30-2024 05:46 AM
‎01-30-2024 05:46 AM
What do you mean by "the field abcd is already extracted"? Remember that most of the fields you work with in Splunk are so called "search-time" extractions which means that they are extracted dynamically when you are searching and displaying the data while SEDCMD works in so called "index-time" which means _before_ the data is written to Splunk's indexes. SEDCMD as @richgalloway pointed out does not know anything about the search-time extracted fields so you can't rely on their values. SEDCMD is a regex-based text substitution which works on the _raw data. There is no concept of field here whatsoever. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-22-2024 01:45 PM