Hi All,
I want to mask email id from Message tracking logs,but it mask the whole event.Could you pelase help me in masking only emailid's and no other data from the event.
transforms.conf
[emailaddr-anonymizer]
REGEX = ([A-z0-9._%+-]+@[A-z0-9.-]+\.[A-z]{2,63})
FORMAT = ********@*********
DEST_KEY = _raw
props.conf
[<given_source_type>]
TRANSFORMS-anonymize = emailaddr-anonymizer
Sample log
gotsomething,somename@something.com,junk files for,somename@somedomain.com,this is a test log with some emails,myname@mydomain.net,
Expected output:
gotsomething,xxxxx@xxxxxxx,junk files for,xxxxxx@xxxxxxx,this is a test log with some emails,xxxxx@xxxxxxx,
Thanks
Hi ansif,
try to replace your transform.conf with the following
[emailaddr-anonymizer]
REGEX = ,[^@]*@[^,]*,
FORMAT = ,********@*********,
DEST_KEY = _raw
you can test it at https://regex101.com/r/z1JhxR/1
Bye.
Giuseppe
Hi ansif,
try to replace your transform.conf with the following
[emailaddr-anonymizer]
REGEX = ,[^@]*@[^,]*,
FORMAT = ,********@*********,
DEST_KEY = _raw
you can test it at https://regex101.com/r/z1JhxR/1
Bye.
Giuseppe
Thanks Giuseppe, but the above thing is not working as expected output
Expected output is as follows:
gotsomething,xxxxx@xxxxxxx,junk files for,xxxxxx@xxxxxxx,this is a test log with some emails,xxxxx@xxxxxxx,
But I am getting:
,********@*********,
And one more thing,the logs might have email id's without a comma like:
gotsomething,somename@something.com,junk files for,somename@somedomain.com,this is a test log with some emails,myname@mydomain.net,addedmail@domain.net
Hi ansif,
did yu seen https://docs.splunk.com/Documentation/Splunk/latest/Data/Anonymizedata ?
using a sed script in props.conf
[given_source_type]
SEDCMD-emails = s/,[^@]*@[^,]*,/,********@*********,/g
or using transforms.conf
[emailaddr-anonymizer]
REGEX = ,[^@]*@[^,]*,
FORMAT = $1,********@*********,$2
DEST_KEY = _raw
Bye.
Giuseppe
Working fine with below:
[MSExchange:2013:MessageTracking]
SEDCMD-emails = s/,?([A-z0-9._%+-]+@[A-z0-9.-]+\.[A-z]{2,63},?)/,********@*********,/g
@Giuseppe :: Please let me know how can I include domain name.
It is resolved:
Tried below code:
[MSExchange:2013:MessageTracking]
SEDCMD-emails = s/,?([A-z0-9._%+-]+@,?)/,********@/g