i want to keep the pattern of specific word which starts with OS0003/SSED-BUS-0015 as it is and want to mask others numbers and email with "XXXX"
OS00194 - master Id: 1-56579333 Cancelled amazoon package
OS00194 - master Id: 1-56579333 Cancelled amazo0n package
P58U0040: record : First amazon package.
OS00178 - master Id: 0297276774 is
SSED-BUS-0000
..SSED-BUS-0000: ASEEM7593 micrsoft error
SSED-BUS-0015
..Action not allowed because airteel with value 377593df332
hey premranjithj
if you want to mask anything after Id:
with Id: XXXX
then use below query
| rex field=_raw mode=sed "s/Id:\s((\d+-\d+)|(\d+))/Id: XXXX/g"
If you want to mask : ASEEM7593
with : XXXX
| rex field=raw mode=sed "s/:\s[A-Z]+\d+/: XXXX/g"
If you want to mask value 377593df332
with value XXXX
| rex field=raw mode=sed "s/\w+$/XXXX/g"
If you want to mask P58U0040
with P58UXXXX
| rex field=raw mode=sed "s/P58U\d{4}/P58UXXXX/g"
If you want to mask any email in the data then use
| rex field=raw mode=sed "s/((\w[\w\-\.]+@\w+.com))(.*)/XXXX/g"
If you want to mask any email except your domain suppose gmail
| rex field=raw mode=sed "s/[A-z0-9._%+-]+@[A-z0-9.-]+\.[A-z]{2,63}(?<!@gmail.com)(?:[^A-z]|$)/XXXX/g"
Let me know if this helps you!
Hi @ premranjithj,
Can you tell me exactly what data you want to extract from your events?
@nikita_p . i want the data to be masked as below.
example
OS00194 - master Id: 1-XXXX Cancelled amazon package
OS00194 - master Id: 1-XXXX Cancelled amazon package
P58UXXXX: record : First amazon package.
OS00178 - master Id: XXXXXXX is
SSED-BUS-0000
..SSED-BUS-0000: XXXXX micrsoft error
SSED-BUS-0015
..Action not allowed because airtel with value XXXXXX