splunk anonymize
Use anonymize to replace identifying data (usernames, IP addresses, domain names, etc.) with fictional values that maintain the same word length and event type. Anonymizing data lets Splunk users share log data without revealing confidential or personal information from their networks. You can specify custom rules for Splunk's anonymizer by using the parameters to specify your own word lists.

Syntax:

    anonymize file -source [-parameter <value>]...

Objects:

    source            relative or full path to file to anonymize

Parameters:

    public-terms      file containing a list of locally-used words to NOT anonymize
                      (default= $SPLUNK_HOME/etc/anonymizer/public-terms.txt)

    private-terms     file containing a list of words to anonymize
                      (default= $SPLUNK_HOME/etc/anonymizer/private-terms.txt)

    name-terms        file containing a list of common English personal names that
                      Splunk uses to anonymize names with
                      (default= $SPLUNK_HOME/etc/anonymizer/names.txt)

    dictionary        file containing a global list of commonly-used words to NOT
                      anonymize - unless they are in the private-terms file
                      (default= $SPLUNK_HOME/etc/anonymizer/dictionary.txt)

    timestamp-config  file that determines how timestamps are parsed
                      (default= $SPLUNK_HOME/etc/anonymizer/anonymizer-time.ini)

Examples:

    ./splunk anonymize file -source /tmp/messages

    ./splunk anonymize file -source /tmp/messages -name_terms $SPLUNK_HOME/bin/Mynames.txt

    ./splunk anonymize file -source ../README-splunk.txt -name_terms ./etc/anonymizer/names.txt

Type "help [object|topic]" to view help on a specific object or topic.

Complete documentation is available online at: http://docs.splunk.com/Documentation
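Before an anonymized file leaves the network, it is worth confirming that none of the words in the private-terms list survived. The script below is an added example, not part of Splunk's help text or tooling; the leak_check function and the sample file names are hypothetical, and it assumes the private-terms file holds one term per line.

```sh
#!/bin/sh
# Added example: check an anonymized log for private terms before sharing it.
# Assumption: the private-terms file lists one term per line.

# leak_check TERMS_FILE LOG_FILE
# Prints every private term still present in LOG_FILE (whole word,
# case-insensitive, fixed string, so dots in IPs are not wildcards).
# Returns 0 if clean, 1 if any term leaked, 2 if a file is unreadable.
leak_check() {
    lc_terms=$1
    lc_log=$2
    if [ ! -r "$lc_terms" ] || [ ! -r "$lc_log" ]; then
        return 2
    fi
    lc_leaked=0
    while IFS= read -r lc_term || [ -n "$lc_term" ]; do
        [ -n "$lc_term" ] || continue          # skip blank lines
        if grep -q -i -w -F -e "$lc_term" "$lc_log"; then
            printf '%s\n' "$lc_term"
            lc_leaked=1
        fi
    done < "$lc_terms"
    return "$lc_leaked"
}

# Constructed sample data (not real logs and not real Splunk output).
demo_dir=$(mktemp -d)
printf '%s\n' 'acmecorp' 'jsmith' 'buildhost01' > "$demo_dir/private-terms.txt"
# Stand-in for an anonymized copy in which one username was missed.
printf '%s\n' \
    'Oct 12 09:14:02 crandleby77 sshd[411]: Accepted password for jsmith' \
    'Oct 12 09:14:07 crandleby77 sudo: mwhite : COMMAND=/usr/bin/id' \
    > "$demo_dir/messages.anon"

# In practice, pass the file that "./splunk anonymize file -source ..." produced.
if leak_check "$demo_dir/private-terms.txt" "$demo_dir/messages.anon" \
        > "$demo_dir/leaks"; then
    echo "clean: no private terms found"
else
    echo "do not share; private terms still present:"
    cat "$demo_dir/leaks"
fi
rm -rf "$demo_dir"
```

A clean result only covers the terms in the list, so identifiers that were never added to the private-terms file still need a manual review.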
© Lightnetics 2024