Regex Expression in Splunk

Suppose your data contains sensitive values such as account numbers, mobile numbers or card details, and you want to mask or hide them. This post discusses how to do that.

Before we move on, let’s understand some basics about REX using SED.

Rex (using SED): This command is used either to extract fields using regular-expression named groups, or to replace or substitute characters in a field using SED expressions.

SED expression: When using the rex command in SED mode, you have two options: replace or character substitution.
Note: the syntax is “mode=sed”.
Use Case for masking and replacing using SED
Here we have a lookup file that holds the details of users and their account numbers. Let's see how to hide/mask the sensitive data, i.e. the account number.
| inputlookup Acc_no | table Name ACC_NO

We can hide/mask the account number in various ways.
- To mask the complete number: Suppose a user wants to hide/mask the complete account number. We need to use the following search:

| inputlookup Acc_no | table Name ACC_NO | rex field=ACC_NO mode=sed "s/(\d{16})/############/"
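
As an added example (not part of the original post), the search below generalizes the masking above on constructed rows built with makeresults, so it runs without the Acc_no lookup: one copy of the field is fully masked, the other keeps only the last four digits. The `\b` anchors and the `g` flag are additions so that a shorter number is left alone and every 16-digit number in a value is masked. The names row, ACC_NO_FULL and ACC_NO_LAST4 and all sample values are assumptions made for illustration.

```spl
| makeresults count=3
| streamstats count AS row
| eval Name=case(row=1, "user_a", row=2, "user_b", row=3, "user_c")
| eval ACC_NO=case(row=1, "1234567890123456", row=2, "1111222233334444 9999888877776666", row=3, "12345678")
| eval ACC_NO_FULL=ACC_NO, ACC_NO_LAST4=ACC_NO
| rex field=ACC_NO_FULL mode=sed "s/\b\d{16}\b/################/g"
| rex field=ACC_NO_LAST4 mode=sed "s/\b\d{12}(\d{4})\b/############\1/g"
| table Name ACC_NO_FULL ACC_NO_LAST4
```

The original ACC_NO field is deliberately left out of the final table. rex in sed mode rewrites the field only in the search results, so the values stored in the lookup file stay unmasked.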

Regex Expression in Splunk Reviewed by Avotrix.Author on Friday, January 04, 2019 Rating: 5
