# `redact`

## Description

The `redact` command replaces parts of a string that match a given substring or regular expression with a replacement value. It’s commonly used to hide sensitive information such as emails, tokens, or identifiers found in message fields.

You can use either a plain string or a regular expression pattern to define what should be redacted.

Note

The optional keyword `matching` improves readability but is not required.

## Syntax

```dataprime
redact <keypath> [matching] /<regular-expression>/ to '<redacted_str>'

redact <keypath> [matching] <string> to '<redacted_str>'
```

## Example

**Use case: Remove sensitive email addresses from log messages**

Sensitive information often appears in free-text fields like `msg`. The `redact` command helps ensure data privacy by substituting these details with a placeholder string.

### Example data

```json
{ "msg": "User chris with email chris@coralogix.com just signed in!" },
{ "msg": "Support contact: help@coralogix.com" }
```

### Example query

```dataprime
redact msg matching /[a-z0-9][+@coralogix.com](mailto:+@coralogix.com)/ to 'REDACTED'
```

### Example output

```json
{ "msg": "User chris with email REDACTED just signed in!" },
{ "msg": "Support contact: REDACTED" }
```

The `redact` command scans each string in `msg`, finds patterns matching the given regular expression, and replaces them with the literal `'REDACTED'`.

Note

You can also redact by an exact substring instead of a regex:

```dataprime
redact msg matching "coralogix.com" to "[DOMAIN HIDDEN]"
```