Skip to main content
The redact operator in APL replaces sensitive or unwanted data in string fields using regular expressions. You can use it to sanitize log data, obfuscate personal information, or anonymize text for auditing or analysis. The operator allows you to define one or multiple regular expressions to identify and replace matching patterns. You can customize the replacement token, generate hashes of redacted values, or retain structural elements while obfuscating specific segments of data. This operator is useful when you need to ensure data privacy or compliance with regulations such as GDPR or HIPAA. For example, you can redact credit card numbers, email addresses, or personally identifiable information from logs and datasets.

For users of other query languages

If you come from other query languages, this section explains how to adjust your existing queries to achieve the same results in APL.
In Splunk SPL, data sanitization is often achieved using custom regex-based transformations or eval functions. The redact operator in APL simplifies this process by directly applying regular expressions and offering options for replacement or hashing.
ANSI SQL typically requires a combination of functions like REPLACE or REGEXP_REPLACE for data obfuscation. APL’s redact operator consolidates these capabilities into a single, flexible command.

Usage

Syntax

Parameters

Returns

Returns the input dataset with sensitive data replaced or hashed.

Sample regular expressions

Use case examples

Use the redact operator to sanitize HTTP logs by obfuscating geographical data.Query
Run in PlaygroundOutputThe query replaces all characters matching the pattern .* with the character x in the geo.city and geo.country fields.
  • project: Select specific fields from the dataset. Useful for focused analysis.
  • summarize: Aggregate data. Helpful when combining redacted data with statistical analysis.
  • parse: Extract and parse structured data using regex patterns.
When you need custom replacement patterns, use the replace_regex function for precise control over string replacements. redact provides a simpler, security-focused interface. Use redact if you’re primarily focused on data privacy and compliance, and replace_regex if you need more control over the replacement text format.