Redact Events API

Event redaction is a BETA feature. Requires Humio version 1.5.0+

Humio has support for redacting individual events from the compressed segment files.

This API makes no promises that redacting events will free disk space, and is not intended to support data management or bulk deletion. Using it for these purposes is extremely inefficient. If you want to bulk delete data, you may want to adjust retention settings, or use the GraphQL API to delete the relevant dataspaces or datasources.

This API is intended to support removal of a small number of events from Humio, allowing you to eliminate specific events that must be removed for some reason. Common cases where this is useful is if you need to remove some personally identifiable information (e.g., due to a GDPR request), accidentally logged passwords or other confidential data from Humio.

The redaction mechanism will initially exclude the events you mark for redaction from future queries by filtering all query results. Once Humio determines that it is safe to do so, it will rewrite the affected segments, excluding the events that were marked for redaction. As rewriting segments is an expensive operation, we strongly discourage using this API in cases for which appropriate retention settings, or explicit deletions of dataspaces, would suffice.

You must be authorized to trigger event redaction.

The GraphQL mutation redactEvents can be used to submit deletions.

This is an example redacting all events with a password field in the specified time interval in milliseconds.

humio
mutation {
  redactEvents(input: {
    repositoryName: "humio"
    start: "2021-09-17T03:00:00Z",
    end: "2021-09-17T03:15:00Z",
    query: "password=*"
  })
}

The mutation will return the id of the submitted redaction task.

The GraphQL query redactEvents will return the list of redaction tasks that have not yet completed segment rewrites.

An example listing the pending redactions in the Humio repository, using the GraphQL API Explorer.

humio
query {
  redactEvents(repositoryName: "humio") {
    id
  }
}

It is possible to cancel submitted redactions via the cancelRedactEvents mutation.

Cancellation is best-effort, and if events have already been redacted from segments, they will not be restored.