WAF Regex Filter help

Eh_See Posts: 1

Hi All, Posted this in the Slack channel but no bites.

We are trying to filter out data from a WAF log to decrease the log size ingested. I created a parser in the existing WAF pipeline using the “Extract” Operation Mode but I can't seem to get it to function correctly. I was told by support the "Mask Function" would work best, they said "Within that function you can specify the regex and replace it with "". "

Not sure how to go about that route. I'm essentially trying to drop data in the log using the following regex but like I said, it doesn't seem to function when I test with a sample log. The regex is the following -> nContent-Security-Policy-Report-Only.*?DFCspReportFunction\+blob:.*



  • Paul Dott Posts: 33 ✭✭

    Can you share a couple of sample events (sanitized) with how the event comes in and how you would like it to go out?

    Also a screenshot of your pipeline.