A customer wants to mask unstructured data before sending it to Splunk Cloud. Where should SEBCMD be configured for this?
To mask unstructured data before sending it to Splunk Cloud, the SEDCMD should be configured in the props.conf file on a Heavy Forwarder. The Heavy Forwarder is responsible for data parsing and transformation before forwarding the data to Splunk Cloud. This ensures that sensitive data is masked before it reaches the indexing stage.
Splunk Documentation Reference: Using SEDCMD to Mask Data
Romana
2 days agoVirgie
5 days ago