testing redaction processor and not working

[juju4]

I'm testing on nginx web logs with query like "https://test.example.com/otel-redaction-testing/?visa_credit=4222222222222"
nginx is saving logs in json with fields request, uri and query_parameters where I would expect data to be redacted.
Following config is not working

processors:
  [...]
  redaction/test:
    allow_all_keys: true
    allowed_keys:
    - uri
    - query_parameters
    blocked_values:
    - 4[0-9]{12}(?:[0-9]{3})?
    - (5[1-5][0-9]{14})
    - password=\S+
    - secret=\S+
    - token=\S+
    summary: debug

no logs in sudo journalctl -u otel-collector -l --no-pager -g redaction
tested on otelcol-contrib 0.111.0 and 0.122.0 on Linux Ubuntu 22.04 LTS

It's not very clear what happens, is it the whole log record that is masked/hashed or just the attribute?
but if attribute is easily defined in json/xml, what about string log?
imho, clearer when defined as a regex with (group) match. like '/password=([^\s;]*)/password=REDACTED/'