Sanitizing data

edit

Sometimes it is necessary to sanitize the data sent to Elastic APM, e.g. remove sensitive data.

To do this with the Elastic APM module, you create a processor. A processor is a function that takes a client instance as well as an event (an error or a transaction), and returns the modified event.

This is an example of a processor that removes the exception stacktrace from an error:

def my_processor(client, event):
    if 'exception' in event and 'stacktrace' in event['exception']:
        event['exception'].pop('stacktrace')
    return event

To use this processor, update your ELASTIC_APM settings like this:

ELASTIC_APM = {
    'APP_NAME': '<APP-NAME>',
    'SECRET_TOKEN': '<SECRET-TOKEN>',
    'PROCESSORS': (
        'path.to.my_processor',
        'elasticapm.processors.sanitize_stacktrace_locals',
        'elasticapm.processors.sanitize_http_request_cookies',
        'elasticapm.processors.sanitize_http_headers',
        'elasticapm.processors.sanitize_http_wsgi_env',
        'elasticapm.processors.sanitize_http_request_querystring',
        'elasticapm.processors.sanitize_http_request_body',
        'elasticapm.processors.mark_in_app_frames',
    ),
}

We recommend to use the above list of processors that sanitize passwords and secrets in different places of the event object.