I have been trying out to Anonymise below logs using SED function,but its not wokring, Please find the use case below:
**Input:**
10.192.1.46 - - [30/Jul/2014:23:59:15] "POST /flower_store/order.do HTTP/1.1" 200 13849 "http://mystore.splunk.com/flower_store/enter_order_information.screen&JSESSIONID=SD5SL10FF8ADFF3" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070223 CentOS/1.5.0.10-0.1.el4.centos Firefox/1.5.0.10" 1463 2971
**Output:**
10.192.1.46 - - [30/Jul/2014:23:59:15] "POST /flower_store/order.do HTTP/1.1" 200 13849 "http://mystore.splunk.com/flower_store/enter_order_information.screen&JSESSIONID=#####10FF8ADFF3" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070223 CentOS/1.5.0.10-0.1.el4.centos Firefox/1.5.0.10" 1463 2971
Have deployed the below configuration in Indexer as using Sed command:
sourcetype is testing.
**props.conf**
[testing]
SEDCMD-testing = s/JSESSIONID=\w{2}\d\w{2}\d{2}\w{2}/JSESSIONID=#####\1/g
↧