In the Splunk deployment we have, I'm using the Splunk universal forwarder to monitor changes to a folder, specifically when a file is added, on an sftp server. So far this is working, however it's showing not only that there has been a change, but the contents of the files in that directory. Is there a way to show the filename only and not the contents of the file, as there is sensitive information contained therein?
↧