I need help in masking data in the payload emitted in the log. The application writes logs to Windows Event logs -
Message=[2019-01-29 07:00:24,706] {1302} INFO SomeHelper::SendToDestination - {"RefId":"78c2511d-5aa6-4b92-9a50-3622d62ac1a2","Lender":{"Id":"4be018e4-de81-4142-adf0-cfa3dd923c7c","FirstName":"SomeFirstName","LastName":"SomeLastName","Quailification":false,"ID":"4be018e4-de81-4142-adf0-cfa3dd923c7c"}
I have tried the following SEDCMD in props.conf , but it masks all the fields after the "LastName" in payload in the EventLog.
SEDCMD-ananlname = s/("LastName":".*"/"LastName":"*****"/
Try this to eliminate the entire section (you might as well save the license cost, too):
SEDCMD-stripLastName = s/,"LastName":"[^"]+"//
Hi @nmohammed
This sedcmd should work better for you: SEDCMD-ananlname = s/"LastName":"[^\"]*"/"LastName":""/
The main change is that instead of using .*
(which means capture everything to the end of the line) I am instead using [^\"]*
(which means capture everything until you reach a double quote)
Good luck