regexdatadog

Datadog Regex is not replacing the right data


I am using Datadog Sensitive Data Scanner to redact some sensitive data from my logs. Datadog Sensitive Data Scanner supports Perl Compatible Regular Expressions (PCRE).

Example of a line of log:

Resolved URI: https://a/random/url/search?idNumber=12345678 HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)

In the GUI, I define the regex that content will be checked against:

idNumber=(\d+)

In the replacement text, I set the text:

[REDACTED]

My desired result should be:

Resolved URI: https://a/random/url/search?idNumber=[REDACTED] HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)

But I get this result, which is does the job but not exactly what I want:

Resolved URI: https://a/random/url/search?[REDACTED] HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)

It looks like datadog replace the whole Match result idNumber=12345678 with [REDACTED] while my desired result would be to replace the group number 12345678

enter image description here


Solution

  • To match just the number, use a look behind:

    (?<=idNumber=)\d+
    

    See live demo.


    It seems Datadog does not support look arounds, so instead of replacing with

    [REDACTED]
    

    replace your match with

    idNumber=[REDACTED]
    

    And you can just match without the group idNumber=\d+