Splunk does not support any field-level encryption out-of-the-box even in 4.3. It does support anonymization / filtering of sensitive data by use of the SEDCMD
functionality.
As an example, to anonymize social security numbers, an applicable SEDCMD rule might be:
[mysourcetype]
SEDCMD-filterSSNO = s/\d{3}(-?)\d{2}(-?)(\d{4})/XXX\1XX\2\3/
In terms of best practice (I know this isn't easy), this type of data should never have made it into logfiles for Splunk to index. Data protection standards like PCI outright forbid cleartext storage of this type of data. I don't know how you are getting this data into Splunk, but if it is from flat files, then the data is already exposed on disk in one place.