You can create log processing rules to mask logs. Masking lets you hide fields completely or partially in log messages, for example, fields such as password.

Note:
  • Log processing rules are applied only to the logs that are ingested after you create and enable these rules.
  • All the actions that you perform on log processing configurations - create, modify, remove, deactivate, or enable, need about a minute to reflect in the system.

Procedure

  1. Expand the main menu and go to Log Management > Log Processing Rules.
  2. On the Mask Logs tab, click New Configuration.
  3. Enter the following information:
    Option Description
    Name A name for the log masking configuration.
    Fields The fields that you want to mask in the log messages. You can mask multiple fields in a configuration. After entering a field name, you must enter the regex selector for the field value, which indicates the part of the field that you want to mask. You can also enter a value to replace the masked content of the specified fields, the default value for which is ***** .
    Apply to all logs / Apply to specific logs Apply the masking configuration to all the logs or to specific logs. If you apply the configuration to specific logs, you can add query criteria for single or multiple fields, so that only the logs that match the criteria are masked.
  4. Click Save.

What to do next

On the Mask Logs tab, you can:
  • Modify or remove the configuration. Click the three dots icon to the left of the configuration and select Edit or Delete.
  • Enable or deactivate the configuration. Click the toggle to the left of the configuration. The toggle is green when the configuration is enabled and gray when it is deactivated.