hey premranjithj

if you want to mask anything after Id: with Id: XXXX
then use below query

 | rex field=_raw mode=sed "s/Id:\s((\d+-\d+)|(\d+))/Id: XXXX/g"

If you want to mask : ASEEM7593 with : XXXX

| rex field=raw mode=sed "s/:\s[A-Z]+\d+/: XXXX/g"

If you want to mask value 377593df332 with value XXXX

| rex field=raw mode=sed "s/\w+$/XXXX/g"

If you want to mask P58U0040 with P58UXXXX

| rex field=raw mode=sed "s/P58U\d{4}/P58UXXXX/g"

If you want to mask any email in the data then use

| rex field=raw mode=sed "s/((\w[\w\-\.]+@\w+.com))(.*)/XXXX/g"

If you want to mask any email except your domain suppose gmail

| rex field=raw mode=sed "s/[A-z0-9._%+-]+@[A-z0-9.-]+\.[A-z]{2,63}(?<!@gmail.com)(?:[^A-z]|$)/XXXX/g"

Let me know if this helps you!