Use controls for sensitive data in Splunk RUM π
By default, Splunk RUM doesnβt capture any sensitive information such as data filled in a text box, the string or label of a button, or the POST request or response body. However, you might have the possibility of a sensitive data leak in the following situations:
Names of page or screen elements
Query parameters in URLs that might contain sensitive information
Splunk RUM provides additional controls in its instrumentation libraries that allow for additional sanitization of your data.
What is sensitive data ? π
Sensitive data may fall within the categories of personally identifiable information (PII), customer-identifiable information (CII), cardholder data (CHD), or protected health information (PHI). It is necessary to protect these types of data to ensure compliance with industry requirements such as the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA), and the General Data Protection Regulation (GDPR).
Splunk RUM for Browser instrumentation π
This instrumentation uses the splunk-otel-js-web library.
Scenario |
Command |
|---|---|
Drop or redact parts of an attribute value. Specify the name, or parse one or more attributes specified by their name and use regular expressions to match the value. |
|
Drop specific attributes across all spans or events. |
|
Drop entire spans or events. |
|
Examples π
This code snippet with onAttributesSerializing uses regular expressions to modify URLs.
onAttributesSerializing: (attributes) => ({
...attributes,
'http.url': typeof attributes['http.url'] === 'string'
? attributes['http.url'].replace(/([?&]token=)[^&]+(&|$)/g, '$1<token>$2')
: attributes['http.url'],
This code snippet shows how to drop all spans that have a failed status.
context.with(suppressTracing(context.active()), () => {
this._exporter.export([span], result => {
if (result.code !== ExportResultCode.SUCCESS) {
globalErrorHandler(
result.error ??
new Error(
`SimpleSpanProcessor: span export failed (status ${result})`
)
);
}
Use the format (string\|regex)[] with ignoreUrls to drop all URLs that contain /payment/:
ignoreUrls: [/\/payment\//]
Splunk RUM for Mobile Android instrumentation π
This instrumentation uses the splunk-otel-android library.
Scenario |
Command |
|---|---|
Drop or redact parts of an attribute value. |
|
Drop specific attributes across all spans or events. |
|
Drop entire spans or events. |
|
Examples π
This code snippet redacts by string key and span name.
.removeSpanAttribute(stringKey("http.user_agent"))
.rejectSpansByName(spanName -> spanName.contains("ignored"))
// sensitive data in the login http.url attribute
// is redacted before data moves to the exporter
This code snippet uses spanfilter to drop spans.
options.spanFilter = { spanData in
var spanData = spanData
if spanData.name == "DropThis" {
return nil // spans with this name aren't sent
}
var atts = spanData.attributes
atts["http.url"] = .string("redacted") // change values for all urls
return spanData.settingAttributes(atts)
}
Splunk RUM for mobile iOS instrumentation π
This instrumentation uses the splunk-otel-ios library.
Scenario |
Command |
|---|---|
Drop or redact parts of an attribute value. |
|
Drop specific attributes across all spans or events. |
|
Drop entire spans or events. |
|
Examples π
Use the format (string\|regex)[] with ignoreUrls to drop all URLs that contain /payment/:
ignoreUrls: [/\/payment\//]
This code snippet uses spanfilter to drop spans.
options.spanFilter = { spanData in
var spanData = spanData
if spanData.name == "DropThis" {
return nil // spans with this name aren't sent
}
var atts = spanData.attributes
atts["http.url"] = .string("redacted") // change values for all urls
return spanData.settingAttributes(atts)
}
See also π
The following sample applications with examples of how to use these commands to obscure PII are available on Splunk OpenTelemetry GitHub:
splunk-otel-js-web sample application.
splunk-otel-android sample application.