what is regex expression in splunk ? Suppose there are some sensitive data like Account no, Mobile no, Card details etc. and if you want to mask or hide that info here we can discuss about it. we can do it using regex expression in splunk.

Before we move on, let’s understand some basics about REX using SED.

Rex (Using SED):– This command is used to either extract fields using regular expression named groups, or replace or substitute characters in a field using SED expressions.

SED expression: While using the REX command in SED mode, you have two options: replace or character substitution.

Note: “Syntax: mode=sed”

Use Case for masking and replacing using SED
Here we have one lookup file which have the details of user and their account no. So now we can discuss how to hide/mask the sensitive data i.e. Account no
| inputlookup Acc_no|table Name ACC_NO

 We can hide/mask the account no. in various ways.
o To mask complete digit: Suppose a user wants to hide/mask  the complete account no, we need to follow this:

| inputlookup  Acc_no |table Name ACC_NO |rex field=ACC_NO mode=sed  “s/(\d{16})/############/”

If you are still facing issue regarding this topic Feel free to Ask Doubts in the Comment Box Below and Don’t Forget to Follow us on 👍 Social Networks, happy Splunking >😉


To know more on the topics related to splunk or iot follow us, also do comment below the topics you wish us to cover further.