From 7b31f0018ab93b7ee361b4e0f8815586b1bea02e Mon Sep 17 00:00:00 2001 From: DeForest Richards Date: Mon, 15 Jun 2026 15:15:40 -0600 Subject: [PATCH] [DOCS-14732] Add Sensitive Data Scanner troubleshooting doc --- config/_default/menus/main.en.yaml | 5 ++++ .../sensitive_data_scanner/troubleshooting.md | 29 +++++++++++++++++++ 2 files changed, 34 insertions(+) create mode 100644 content/en/security/sensitive_data_scanner/troubleshooting.md diff --git a/config/_default/menus/main.en.yaml b/config/_default/menus/main.en.yaml index 7b8f1907fac..f641066ec91 100644 --- a/config/_default/menus/main.en.yaml +++ b/config/_default/menus/main.en.yaml @@ -8483,6 +8483,11 @@ menu: identifier: sds_guides parent: sensitive_data_scanner weight: 3 + - name: Troubleshooting + url: /security/sensitive_data_scanner/troubleshooting/ + identifier: sds_troubleshooting + parent: sensitive_data_scanner + weight: 4 - name: Synthetic Testing and Monitoring url: synthetics/ pre: synthetics diff --git a/content/en/security/sensitive_data_scanner/troubleshooting.md b/content/en/security/sensitive_data_scanner/troubleshooting.md new file mode 100644 index 00000000000..e1d9a08c454 --- /dev/null +++ b/content/en/security/sensitive_data_scanner/troubleshooting.md @@ -0,0 +1,29 @@ +--- +title: Troubleshoot Sensitive Data Scanner +description: Troubleshoot common Sensitive Data Scanner issues, including scanning rules that do not match data as expected and obfuscation actions that are unavailable. +further_reading: +- link: "/security/sensitive_data_scanner/setup/telemetry_data/" + tag: "Documentation" + text: "Set up Sensitive Data Scanner for Telemetry Data" +--- + +## A scanning rule does not match data as expected + +If a Sensitive Data Scanner rule does not match data that you expect it to match, check the following causes: + +- **Numeric values**: Sensitive Data Scanner does not scan integer, float, or double values. To scan a numeric value, store it as a string. +- **Attribute paths**: The `@` prefix used in log search queries is not supported in attribute path fields. Use `function.request.body.password`, not `@function.request.body.password`. +- **Tags**: Sensitive Data Scanner cannot scan tags directly. To scan a tag, remap the tag to an attribute first, and then scan the attribute. See [Redact sensitive data in tags][1] for the steps. + +## An obfuscation action is unavailable + +The Sensitive Data Scanner obfuscation actions are **Redact**, **Partially redact**, **Hash**, and **Mask**. If you cannot select one of these actions, check the following causes: + +- **Sampling is enabled**: The **Redact**, **Partially redact**, **Hash**, and **Mask** actions are not available when a scanning group has sampling enabled. To use these actions, disable sampling in the scanning group settings so that all data matching the group query filter is scanned. +- **Mask is supported for logs only**: The **Mask** action is not available for APM, RUM, or Event Management data. + +## Further reading + +{{< partial name="whats-next/whats-next.html" >}} + +[1]: /security/sensitive_data_scanner/setup/telemetry_data/#redact-sensitive-data-in-tags