Building for the Splunk Platform

Can I create an eval function using a python script?

zchandikaz
New Member

I know how to mask data at indexing time using EVAL and SEDCMD.
But there are more logics I need to consider.

Can I mask data using python script at indexing time or is there any method like that or can I create an eval function using a python script?

Labels (1)
0 Karma

livehybrid
Contributor

Using Splunk Enterprise you wouldnt be able to do this if you're ingesting through the typical mechanisms. 

The only thing that I can think of that would allow you to do this is using Splunk Data Stream Processor (DSP) - which allows you to create custom functions to apply to data streams and could be used for encryption/masking etc.

https://docs.splunk.com/Documentation/DSP/1.1.0/User/PluginSDK

 

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...