I want to capture form_data for stream:http but we need to mask all "password" fields with XXXX to avoid saving password data anywhere.
I am doing POC of splunk stream for large financial firm's security department and this is part of compliance requirement.
Ability to apply regex filtering over raw content before indexing would be great so fields like social security numbers, card numbers, passwords etc will be safely masked away.
Is there any way to preprocess inputs before their content is sent for indexing?