Splunk Credit Card Masking
Create or update /opt/splunk/etc/apps/search/local/props.conf with the following content. The file should be placed on each Splunk client or forwarder.
[source::.../*server.log]
SEDCMD-ccard = s/(4[0-9]{12}(?:[0-9]{3})?|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12}|(?:2131|1800|35\d{3})\d{11}|3(?:0[0-5]|[68][0-9])[0-9]{11}|5[1-5][0-9]{14})/xxxx-xxxx-xxxx-xxxx/g
The ... in the source stanza means server.log is matched under all directories.
SEDCMD pretty much works like Unix sed.
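Added example (not part of the original post): a Python check that runs the SEDCMD-ccard pattern over constructed sample log lines before the rule is deployed, and lists Luhn-valid card numbers the pattern leaves readable. It assumes Python's re module handles this pattern the same way Splunk's regex engine does; the function names and sample lines are illustrative.

```python
import re

# Pattern copied from the SEDCMD-ccard rule above; Python's re module is assumed
# to treat it the same way Splunk's regex engine does.
CARD_RE = re.compile(
    r"(4[0-9]{12}(?:[0-9]{3})?|3[47][0-9]{13}|6(?:011|5[0-9]{2})[0-9]{12}"
    r"|(?:2131|1800|35\d{3})\d{11}|3(?:0[0-5]|[68][0-9])[0-9]{11}|5[1-5][0-9]{14})"
)
MASK = "xxxx-xxxx-xxxx-xxxx"
# 13 to 19 digits, optionally separated by single spaces or dashes.
SEPARATED_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

def mask_line(line):
    """Replace every match on the line, like the trailing /g in the SEDCMD."""
    return CARD_RE.sub(MASK, line)

def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def residual_cards(masked_line):
    """Return Luhn-valid digit runs that are still readable after masking."""
    hits = []
    for m in SEPARATED_RE.finditer(masked_line):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits.append(m.group())
    return hits

# Constructed sample lines; 4111111111111111 and 378282246310005 are
# well-known test card numbers, not real accounts.
SAMPLES = [
    "INFO payment ok card=4111111111111111 amount=10.00",     # masked
    "INFO payment ok card=378282246310005 amount=10.00",      # masked (15 digits)
    "INFO payment ok card=4111-1111-1111-1111 amount=10.00",  # missed: separators
    "INFO order_id=40000000000000000000 shipped",             # over-match: not a card
]

if __name__ == "__main__":
    for line in SAMPLES:
        masked = mask_line(line)
        print(masked, "| unmasked:", residual_cards(masked))
```

The third sample shows that card numbers written with dashes or spaces pass through the rule unmasked, and the fourth shows that a long numeric ID beginning with 4 is partly rewritten because the pattern has no boundary anchors.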