I am using Datadog Sensitive Data Scanner to redact some sensitive data from my logs. Datadog Sensitive Data Scanner supports Perl Compatible Regular Expressions (PCRE).
Example of a line of log:
Resolved URI: https://a/random/url/search?idNumber=12345678 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
In the GUI, I define the regex that content will be checked against:
idNumber=(\d+)
In the replacement text, I set the text:
[REDACTED]
My desired result should be:
Resolved URI: https://a/random/url/search?idNumber=[REDACTED] HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
But I get this result, which is does the job but not exactly what I want:
Resolved URI: https://a/random/url/search?[REDACTED] HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
It looks like datadog replace the whole Match result idNumber=12345678
with [REDACTED] while my desired result would be to replace the group number 12345678
To match just the number, use a look behind:
(?<=idNumber=)\d+
See live demo.
It seems Datadog does not support look arounds, so instead of replacing with
[REDACTED]
replace your match with
idNumber=[REDACTED]
And you can just match without the group idNumber=\d+