hqstevenson / splunk-aries-blueprint

A Namespace Handler to simplify creating embedded Splunk HTTPEC data feeds
Apache License 2.0

Exclude PHI from DLQ and Advisory messages sent to Splunk #3

Open ryuhsutter opened 5 years ago

ryuhsutter commented 5 years ago

Hi Quinn,

I used the following namespaces and their beans for testing. They successfully consumed messages from the DLQ and Advisory queues, respectively, and sent them to Splunk. But it seems that the messages sent to Splunk include header data inclusive of PHI. Is this an intended design? If not, what do I have to do to exclude them when sending them to Splunk?

1. splunk-embedded-activemq-message-consumer-factory (the bean is splunkEmbeddedActiveMqMessageConsumerFactoryElementHandler)

2. splunk-embedded-activemq-advisory-message-consumer-factory (the bean is SplunkEmbeddedActiveMqAdvisoryMessageConsumerFactoryElementHandle)

Heeseon

hqstevenson commented 5 years ago

The component isn’t designed to filter data - it’s designed to send data as-is to Splunk. If you want to filter/modify the data, you’d need to do it in Splunk on the way in.

Quinn Stevenson quinn@pronoia-solutions.com (801) 244-7758

On Jul 30, 2019, at 5:53 PM, ryuhsutter notifications@github.com wrote:

Hi Quinn,

I used the following namespaces and their beans for testing. They successfully consumed messages from the DLQ and Advisory queues, respectively, and sent them to Splunk. But it seems that the messages sent to Splunk include header data inclusive of PHI. Is this an intended design? If not, what do I have to do to exclude them when sending them to Splunk?

splunk-embedded-activemq-message-consumer-factory (the bean is splunkEmbeddedActiveMqMessageConsumerFactoryElementHandler)

splunk-embedded-activemq-advisory-message-consumer-factory (the bean is SplunkEmbeddedActiveMqAdvisoryMessageConsumerFactoryElementHandle)

Heeseon

ryuhsutter commented 5 years ago

Okay, thanks for the response.

Heeseon