Hi All,

I have events with text strings like this:

    ..._Code/> <InDesc>Diagnosis=Read Code,Comment=carrying | ladder and triped and  fell hurt  L Shoulder / upper back- issues is pain,DiagnosisSide=right</InDesc> <First_Name...

I want to redact the blue text and can easily do so with this sort of thing:

    SEDCMD-test = s/(<InDesc>)[^<]+/\1Splunk_Redacted/g

Giving a result like:

   ..._Code/> <InDesc>Splunk_Redacted</InDesc> <First_Name..

BUT I would prefer to retain the structure of the blue text (i.e. replace the digits with 9 and the letters all with A or a but leaving the rest.    I can do that part individually like this:

echo "Diagnosis=Read Code,Comment=carrying | ladder and triped and  fell hurt  L Shoulder / upper back- issues is pain,DiagnosisSide=right" | sed y/abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/aaaaaaaaaaaaaaaaaaaaaaaaaaAAAAAAAAAAAAAAAAAAAAAAAAAA9999999999/

And getting this output

Aaaaaaaaa=Aaaa Aaaa,Aaaaaaa=aaaaaaaa | aaaaaa aaa aaaaaa aaa  aaaa aaaa  A Aaaaaaaa / aaaaa aaaa- aaaaaa aa aaaa,AaaaaaaaaAaaa=aaaaa

But how can I combine them both to achieve this output: 

   ..._Code/> <InDesc>Aaaaaaaaa=Aaaa Aaaa,Aaaaaaa=aaaaaaaa | aaaaaa aaa aaaaaa aaa  aaaa aaaa  A Aaaaaaaa / aaaaa aaaa- aaaaaa aa aaaa,AaaaaaaaaAaaa=aaaaa</InDesc> <First_Name..

Any thoughts would be much appreciated.

Thanks, Keith