Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Masking _raw after indexing depending on Role

JordanPeterson
Path Finder
‎06-04-2018 02:37 PM

I know that there are a lot of answers regarding masking data and it all comes down to masking it at index time. However, I have two different groups of users that need access to the same data, depending on their role it may or may not need to be masked. How can I provide a solution to both groups without having to index this data twice?

0 Karma
Reply

adonio
Ultra Champion
‎06-04-2018 03:50 PM

maybe you could use summary indexes for the team that needs the data masked ...
summarize only the data that is important to them.

0 Karma
Reply

MuS
Legend
‎06-04-2018 04:03 PM

As @adino said use summary indexes to provide the events to each of the groups/roles OR create datamodels for each of them and mask or just provide the events they need, and accelerate the datamodel once done.

cheers, MuS

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...