I would like to know the best practices to mask the data in a particular scenario.
I have 2 applications hosted on 2 different Linux servers which are sending logs to Splunk. Both the application owners also want to send their server related logs to Splunk so we decided to install TA for UNIX on the application servers.
Both the TA for UNIX are not sending information to Splunk and logs are being viewed in Splunk app for UNIX on SH.
Which are are best way to mask server1's information to be viewed by users of server2?
Usually we restrict users on app and index level, however its is just one app (Splunk app for UNIX) so I was wondering different ways to mask.
If you don't have the option to use a separate index for each of these servers, then you can
Hope this helps.
@varad_joshi - Your reference to the add-on/apps is unclear. Can you please confirm which add-ons or apps are you referring to in Splunkbase?
Splunk App for Unix and Linux, Splunk Add-on for Unix and Linux, or both? I just want to be sure your post is tagged properly for greater visibility. Thank you.