Sanitizing data

edit

Sometimes it is necessary to sanitize the data sent to Elastic APM, e.g. remove sensitive data.

To do this with the Elastic APM module, you create a processor. A processor is a function that takes a client instance as well as an event (an error or a transaction), and returns the modified event.

This is an example of a processor that removes the exception stacktrace from an error:

from elasticapm.conf.constants import ERROR
from elasticapm.processors import for_events

@for_events(ERROR)
def my_processor(client, event):
    if 'exception' in event and 'stacktrace' in event['exception']:
        event['exception'].pop('stacktrace')
    return event

You can use the @for_events decorator to limit for which event type the processor should be called. Possible choices are ERROR, TRANSACTION, and SPAN, all of which are defined in elasticapm.conf.constants.

To use this processor, update your ELASTIC_APM settings like this:

ELASTIC_APM = {
    'APP_NAME': '<APP-NAME>',
    'SECRET_TOKEN': '<SECRET-TOKEN>',
    'PROCESSORS': (
        'path.to.my_processor',
        'elasticapm.processors.sanitize_stacktrace_locals',
        'elasticapm.processors.sanitize_http_request_cookies',
        'elasticapm.processors.sanitize_http_headers',
        'elasticapm.processors.sanitize_http_wsgi_env',
        'elasticapm.processors.sanitize_http_request_querystring',
        'elasticapm.processors.sanitize_http_request_body',
    ),
}

We recommend to use the above list of processors that sanitize passwords and secrets in different places of the event object.