redact
Description
The redact command replaces parts of a string that match a given substring
or regular expression with a replacement value. It’s commonly used to hide
sensitive information such as emails, tokens, or identifiers found in message
fields.
You can use either a plain string or a regular expression pattern to define what should be redacted.
The optional keyword matching improves readability but is not required.
Syntax
redact <keypath> [matching] /<regular-expression>/ to '<redacted_str>'
redact <keypath> [matching] <string> to '<redacted_str>'
Example
Use case: Remove sensitive email addresses from log messages
Sensitive information often appears in free-text fields like msg. The
redact command helps ensure data privacy by substituting these details with
a placeholder string.
Example data
{ "msg": "User chris with email chris@coralogix.com just signed in!" },
{ "msg": "Support contact: help@coralogix.com" }
Example query
redact msg matching /[a-z0-9]+@coralogix.com/ to 'REDACTED'
Example output
{ "msg": "User chris with email REDACTED just signed in!" },
{ "msg": "Support contact: REDACTED" }
The redact command scans each string in msg, finds patterns matching the
given regular expression, and replaces them with the literal 'REDACTED'.
You can also redact by an exact substring instead of a regex:
redact msg matching "coralogix.com" to "[DOMAIN HIDDEN]"
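Before relying on a redaction pattern, it helps to run it over representative messages and look for what survives. The following is an added example, not part of the original documentation: it emulates the regex form of redact with Python's `re.sub`, on the assumption that DataPrime's regex engine treats these simple constructs the same way. `BROAD_PATTERN`, `LEAK_PROBE`, and the third and fourth sample messages are constructed for this illustration.

```python
import re

# Pattern from the example query above, and a broader alternative
# (BROAD_PATTERN is an assumption of this example, not from the docs).
PAGE_PATTERN = r"[a-z0-9]+@coralogix.com"
BROAD_PATTERN = r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"

# Constructed samples: the first two are the page's example data,
# the last two are edge cases added for this test.
SAMPLES = [
    {"msg": "User chris with email chris@coralogix.com just signed in!"},
    {"msg": "Support contact: help@coralogix.com"},
    {"msg": "Reset requested by jane.doe+ops@coralogix.com"},
    {"msg": "Bounce from Admin@Coralogix.com"},
]

# Flags anything still containing '@', or a fragment glued to the placeholder.
LEAK_PROBE = re.compile(r"\S*@\S+|\S+REDACTED")


def redact(records, key, pattern, replacement):
    """Emulate: redact <key> matching /<pattern>/ to '<replacement>'."""
    rx = re.compile(pattern)
    return [{**r, key: rx.sub(replacement, r[key])} for r in records]


def residual_leaks(records, key):
    """Return redacted values that still expose part of an address."""
    return [r[key] for r in records if LEAK_PROBE.search(r[key])]


if __name__ == "__main__":
    for name, pattern in (("page", PAGE_PATTERN), ("broad", BROAD_PATTERN)):
        out = redact(SAMPLES, "msg", pattern, "REDACTED")
        print(name, "pattern leaks:", residual_leaks(out, "msg"))
```

With the page's pattern, a local part containing `.` or `+` is only partly replaced and a mixed-case address is not matched at all, so size the character classes to the addresses that actually appear in your logs.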