Hi,
How would I anonymize the following example:
BankName=South!@Indian!@Bank
I want everything to the right of the equal sign to be removed/masked/covered
http://docs.splunk.com/Documentation/Splunk/7.0.0/Data/Anonymizedata
Pseudo example based on the docs to get you started. Would need a better data sample of full log events to give you a more accurate regex.
props.conf
[my-spec]
TRANSFORMS-anonymize = my-anonymizer
transforms.conf
[my-anonymizer]
REGEX = (?m)^(.*)BankName=\w+!@\w+!@\w+(.*)$
FORMAT = $1BankName=########$2
DEST_KEY = _raw