Edge Processor | Expanded offerings with support for RawHEC, masking with Cryptographic Functions, and Lookups

Splunk is pleased to announce the latest enhancements to Edge Processor that will help to optimize your data management needs to filter, mask, and route more intelligently. These include support for Lookups, RawHec and Cryptographic Functions.

• Enhanced HEC capability, now with RawHEC: To complement the earlier release of data ingest and export using HTTP Event Collector (HEC,) Splunk Edge Processor can now receive events via a raw HEC endpoint.  Third-party cloud services can send data to Splunk without having to conform to a Splunk specific format or account for the inability to change code formats with an authentication token. That means you can push more data into Splunk, at a high bandwidth, and with control over data schema. To learn more, check out Splunk Docs.
• Enhanced Masking with Cryptographic Functions: Support for cryptographic functions builds on the masking capabilities in Edge Processor, and are necessary to ensure data integrity and confidentiality before it leaves your network boundaries. Where previously you could only redact data using Edge Processor, now you can hash data of your choosing, and perform analytics on top of it. For example, you might hash sensitive data like a credit card number before that data streams to Splunk platform; and you may still want to know how many transactions happened using that credit card over the past month. Now you can generate new insights and value into your data.
• New Lookups: Edge Processor now delivers support for Lookups that enables users to perform better data enrichment and in turn, to make more informed decisions about the data before its indexed.  This means that you can now identify which device failed but not in the event rather saved in another file. You can now erich data further up in the pipeline before indexing to accelerate detection, and you can append information to an event and write an event as an original event, without having to do additional research.

For more about Splunk Edge Processor, including plans to support additional sources, destinations, and new functionality, see release notes and documentation.  And be sure to join the Slack user group #edge-processor to get real-time support from the Community.