Building for the Splunk Platform

Can I create an eval function using a python script?

zchandikaz
New Member

I know how to mask data at indexing time using EVAL and SEDCMD.
But there are more logics I need to consider.

Can I mask data using python script at indexing time or is there any method like that or can I create an eval function using a python script?

Labels (1)
0 Karma

livehybrid
Contributor

Using Splunk Enterprise you wouldnt be able to do this if you're ingesting through the typical mechanisms. 

The only thing that I can think of that would allow you to do this is using Splunk Data Stream Processor (DSP) - which allows you to create custom functions to apply to data streams and could be used for encryption/masking etc.

https://docs.splunk.com/Documentation/DSP/1.1.0/User/PluginSDK

 

0 Karma
Get Updates on the Splunk Community!

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

You asked, we delivered. Splunk Observability Cloud has several new innovations giving you deeper visibility ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...