According to the link below, it looks possible to mask data in splunk.
https://docs.splunk.com/Documentation/Splunk/6.4.3/Data/Anonymizedata
I want to mask the email and credit card number for the logs.
Here are the example for each:
test@test.com
3234-1234-5678-5678
As I need to configure props.conf and transforms.conf under $SPLUNK_HOME/etc/system/local/
Specifically, in props.conf, it will be something like this:
[<sourcetype>]
TRANSFORMS-anonymize = emailaddr-anonymizer, creditcard-anonymizer
in transforms.conf, it will be:
[emailaddr-anonymizer]
REGEX = <regex>
FORMAT = ********@*********
DEST_KEY = _raw
[creditcard-anonymizer]
REGEX = <regex>
FORMAT = ****-****-****-****
DEST_KEY = _raw
As I am not good at REGEX in Splunk, can any body tell me what exact regular expression I have to write in the REGEX field for email and credit card?
(Only need to match '@'and '.' in email field)
... View more