redact
This page explains how to use the redact operator in APL.
The redact operator in APL replaces sensitive or unwanted data in string fields using regular expressions. You can use it to sanitize log data, obfuscate personal information, or anonymize text for auditing or analysis. The operator allows you to define one or multiple regular expressions to identify and replace matching patterns. You can customize the replacement token, generate hashes of redacted values, or retain structural elements while obfuscating specific segments of data.
This operator is useful when you need to ensure data privacy or compliance with regulations such as GDPR or HIPAA. For example, you can redact credit card numbers, email addresses, or personally identifiable information from logs and datasets.
For users of other query languages
If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
Usage
Syntax
Parameters
| Parameter | Type | Description |
|---|---|---|
replaceToken | string | The string with which to replace matches. If you specify a single character, Axiom replaces each character in the matching text with replaceToken. If you specify more than one character, Axiom replaces the whole of the matching text with replaceToken. The default replaceToken is the * character. |
replaceHash | bool | Specifies whether to replace matches with a hash of the data. You cannot use both replaceToken and replaceHash in the same query. |
redactGroups | bool | Specifies whether to look for capturing groups in the regex and only redact characters in the capturing groups. Use this option for partial replacements or replacements that maintain the structure of the data. The default is false. |
regex | regex | A single regex or an array/map of regexes to match against field values. |
on Field | Limits redaction to specific fields. If you omit this parameter, Axiom redacts all string fields in the dataset. |
Returns
Returns the input dataset with sensitive data replaced or hashed.
Use case examples
Use the redact operator to sanitize HTTP logs by obfuscating geographical data.
Query
Output
| _time | geo.city | geo.country |
|---|---|---|
| 2025-01-01 12:00:00 | xxx | xxxxxxxx |
| 2025-01-01 12:05:00 | xxxxxx | xxxxxxxxxx |
The query replaces all characters matching the pattern .* with the character x in the geo.city and geo.country fields.
List of related operators
- project: Select specific fields from the dataset. Useful for focused analysis.
- summarize: Aggregate data. Helpful when combining redacted data with statistical analysis.
- parse: Extract and parse structured data using regex patterns.
When you need custom replacement patterns, use the replace_regex function for precise control over string replacements. redact provides a simpler, security-focused interface. Use redact if you’re primarily focused on data privacy and compliance, and replace_regex if you need more control over the replacement text format.
Was this page helpful?