Example Log:

CEF:0|WAF|SIEMintegration|1|1|Normal|0| fileId=989000730114151753 sourceServiceName=website.com postbody=first_name\=XXXXXX&last_name\=XXXX&shipping_first_name\=ABCDE&shipping_last_name\=EFGHI&record_number\=123412345

I am having trouble getting my regex in transforms.conf to mask:
1. shipping_first_name
2. shipping_last_name
3. record_number

Transforms.conf

[record-anonymizer]
REGEX = (?m)^(.*)record_number..\d{2,}$
FORMAT = $1rn=##
DEST_KEY = _raw

[first-name-anonymizer]
REGEX = (?m)^(.*)shipping_first_name..(\w{2,})&$
FORMAT = $1fn=##$
DEST_KEY = _raw

[last-name-anonymizer]
REGEX = (?m)^(.*)shipping_last_name..(\w{2,})&$
FORMAT = $1ln=##$
DEST_KEY = _raw

props.conf

[Test]
TRANSFORMS-anonymize = record-anonymizer, first-name-anonymizer, last-name-anonymizer