open-telemetry · iblancasa · Nov 27, 2025
@@ -0,0 +1,27 @@
+# Use this changelog template to create an entry for release notes.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: 'enhancement'
+
+# The name of the component, or a single word describing the area of concern, (e.g. receiver/filelog)
+component: processor/redaction
+
+# A brief description of the change.  Surround your text with quotes ("") if it needs to start with a backtick (`).
+note:  Add `sanitize_span_name` option to URL and DB sanitization configs.
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+issues: [44228]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
+
+# If your change doesn't affect end users or the exported elements of any package,
+# you should instead start your pull request title with [chore] or use the "Skip Changelog" label.
+# Optional: The change log or logs in which this entry should be included.
+# e.g. '[user]' or '[user, api]'
+# Include 'user' if the change is relevant to end users.
+# Include 'api' if there is a change to a library API.
+# Default: '[user]'
+change_logs: []
@@ -108,6 +108,10 @@ processors:
       enabled: true
       # attributes is a list of attribute keys that contain URLs to be sanitized
       attributes: ["http.url", "url"]
+      # sanitize_span_name controls whether span names should be sanitized for URLs (default: true)
+      # When enabled, span names containing "/" will be sanitized to reduce cardinality
+      # Set to false to disable span name sanitization while keeping attribute sanitization active
+      sanitize_span_name: true
 ```
 
 Refer to [config.yaml](./testdata/config.yaml) for how to fit the configuration
@@ -138,7 +142,15 @@ are `md5`, `sha1` and `sha3` (SHA-256).
 
 The `url_sanitizer` configuration enables sanitization of URLs in specified attributes by removing potentially sensitive information like UUIDs, timestamps, and other non-essential path segments. This is particularly useful for reducing cardinality in telemetry data while preserving the essential parts of URLs for troubleshooting.
 
-Additionally, URL sanitization automatically applies to span names for client and server span types that contain "/" characters. This helps reduce cardinality issues caused by high-variability URL paths in span names while preserving the essential routing information needed for observability.
+### Span Name Sanitization
+
+By default, when URL sanitization is enabled, span names for client and server span types that contain "/" characters are automatically sanitized. This helps reduce cardinality issues caused by high-variability URL paths in span names while preserving essential routing information.
+
+You can control this behavior using the `sanitize_span_name` option:
+- `true` (default): Span names will be sanitized along with attributes
+- `false`: Only attributes are sanitized, span names remain unchanged
+
+This option is available independently for both URL and database sanitization, allowing fine-grained control over which span names should be redacted.
 
 For example, if `notes` is on the list of allowed keys, then the `notes`
 attribute is retained. However, if there is a value such as a credit card
@@ -165,6 +177,10 @@ processors:
 
     # Database sanitization configuration
     db_sanitizer:
+      # sanitize_span_name controls whether span names should be sanitized for database queries (default: true)
+      # When enabled, span names will be obfuscated to remove sensitive query details
+      # Set to false to disable span name sanitization while keeping attribute sanitization active
+      sanitize_span_name: true
       sql:
         enabled: true
         attributes: ["db.statement", "db.query"]
@@ -191,5 +207,8 @@ The database sanitizer will:
 - Sanitize MongoDB queries and JSON payloads
 - Process only specified attributes if provided
 - Preserve query structure while removing sensitive data
+- Sanitize span names containing database queries (can be controlled with `sanitize_span_name`)
+
+By default, database query sanitization also applies to span names for client span types. You can disable this behavior by setting `sanitize_span_name: false` in the `db_sanitizer` configuration, which allows you to keep original database query span names while still sanitizing the query values in attributes.
 
 This provides an additional layer of protection when collecting telemetry that includes database operations.
@@ -11,6 +11,7 @@ type DBSanitizerConfig struct {
 	MongoConfig      MongoConfig      `mapstructure:"mongo"`
 	OpenSearchConfig OpenSearchConfig `mapstructure:"opensearch"`
 	ESConfig         ESConfig         `mapstructure:"es"`
+	SanitizeSpanName *bool            `mapstructure:"sanitize_span_name"`
 }
 
 type SQLConfig struct {

@@ -7,4 +7,6 @@ type URLSanitizationConfig struct {
 	Enabled bool `mapstructure:"enabled"`
 	// Attributes is the list of attributes that will be sanitized.
 	Attributes []string `mapstructure:"attributes"`
+	// SanitizeSpanName controls whether span names should be sanitized.
+	SanitizeSpanName *bool `mapstructure:"sanitize_span_name"`
 }
@@ -145,10 +145,10 @@ func (s *redaction) processResourceSpan(ctx context.Context, rs ptrace.ResourceS
 
 			if s.shouldRedactSpanName(&span) {
 				name := span.Name()
-				if s.urlSanitizer != nil {
+				if s.shouldSanitizeSpanNameForURL() {
 					name = s.urlSanitizer.SanitizeURL(name)
 				}
-				if s.dbObfuscator.HasObfuscators() {
+				if s.shouldSanitizeSpanNameForDB() {
 					var err error
 					name, err = s.dbObfuscator.Obfuscate(name)
 					if err != nil {
@@ -509,7 +509,9 @@ func (s *redaction) shouldRedactKey(k string) bool {
 }
 
 func (s *redaction) shouldRedactSpanName(span *ptrace.Span) bool {
-	if s.urlSanitizer == nil && !s.dbObfuscator.HasObfuscators() {
+	shouldSanitizeDB := s.shouldSanitizeSpanNameForDB()
+
+	if !s.shouldSanitizeSpanNameForURL() && !shouldSanitizeDB {
 		return false
 	}
 	spanKind := span.Kind()
@@ -518,12 +520,33 @@ func (s *redaction) shouldRedactSpanName(span *ptrace.Span) bool {
 	}
 
 	spanName := span.Name()
-	if !strings.Contains(spanName, "/") && !s.dbObfuscator.HasObfuscators() {
+	if !strings.Contains(spanName, "/") && !shouldSanitizeDB {
 		return false
 	}
 	return !s.shouldAllowValue(spanName)
 }
 
+func (s *redaction) shouldSanitizeSpanNameForURL() bool {
+	if s.urlSanitizer == nil {
+		return false
+	}
+
+	if s.config.URLSanitization.SanitizeSpanName == nil {
+		return true
+	}
+	return *s.config.URLSanitization.SanitizeSpanName
+}
+
+func (s *redaction) shouldSanitizeSpanNameForDB() bool {
+	if !s.dbObfuscator.HasObfuscators() {
+		return false
+	}
+	if s.config.DBSanitizer.SanitizeSpanName == nil {
+		return true
+	}
+	return *s.config.DBSanitizer.SanitizeSpanName
+}
+
 const (
 	debug                      = "debug"
 	info                       = "info"

@@ -2039,3 +2039,210 @@ func TestDBObfuscationSpanName(t *testing.T) {
 		assert.NotEqual(t, "SELECT * FROM cache WHERE key = 'user:123'", outSpan.Name())
 	})
 }
+
+func TestSanitizeSpanNameFlag(t *testing.T) {
+	t.Run("URL/default behavior", func(t *testing.T) {
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				URLSanitization: url.URLSanitizationConfig{
+					Enabled: true,
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName("/users/123/profile")
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		assert.Equal(t, "/users/*/profile", outSpan.Name())
+	})
+
+	t.Run("URL/disabled", func(t *testing.T) {
+		sanitizeSpanName := false
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				URLSanitization: url.URLSanitizationConfig{
+					Enabled:          true,
+					SanitizeSpanName: &sanitizeSpanName,
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName("/users/123/profile")
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		assert.Equal(t, "/users/123/profile", outSpan.Name())
+	})
+
+	t.Run("URL/explicitly enabled", func(t *testing.T) {
+		sanitizeSpanName := true
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				URLSanitization: url.URLSanitizationConfig{
+					Enabled:          true,
+					SanitizeSpanName: &sanitizeSpanName,
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName("/users/123/profile")
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		assert.Equal(t, "/users/*/profile", outSpan.Name())
+	})
+
+	t.Run("DB/default behavior", func(t *testing.T) {
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				DBSanitizer: db.DBSanitizerConfig{
+					SQLConfig: db.SQLConfig{
+						Enabled: true,
+					},
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName("SELECT * FROM users WHERE id = 123")
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		assert.Equal(t, "SELECT * FROM users WHERE id = ?", outSpan.Name())
+	})
+
+	t.Run("DB/disabled", func(t *testing.T) {
+		sanitizeSpanName := false
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				DBSanitizer: db.DBSanitizerConfig{
+					SQLConfig: db.SQLConfig{
+						Enabled: true,
+					},
+					SanitizeSpanName: &sanitizeSpanName,
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName("SELECT * FROM users WHERE id = 123")
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		assert.Equal(t, "SELECT * FROM users WHERE id = 123", outSpan.Name())
+	})
+
+	t.Run("DB/explicitly enabled", func(t *testing.T) {
+		sanitizeSpanName := true
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				DBSanitizer: db.DBSanitizerConfig{
+					SQLConfig: db.SQLConfig{
+						Enabled: true,
+					},
+					SanitizeSpanName: &sanitizeSpanName,
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName("SELECT * FROM users WHERE id = 123")
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		assert.Equal(t, "SELECT * FROM users WHERE id = ?", outSpan.Name())
+	})
+
+	t.Run("both URL and DB flags work independently", func(t *testing.T) {
+		urlSanitizeSpanName := false
+		dbSanitizeSpanName := false
+		tc := testConfig{
+			config: &Config{
+				AllowAllKeys: true,
+				URLSanitization: url.URLSanitizationConfig{
+					Enabled:          true,
+					SanitizeSpanName: &urlSanitizeSpanName,
+				},
+				DBSanitizer: db.DBSanitizerConfig{
+					SQLConfig: db.SQLConfig{
+						Enabled: true,
+					},
+					SanitizeSpanName: &dbSanitizeSpanName,
+				},
+			},
+		}
+
+		inBatch := ptrace.NewTraces()
+		rs := inBatch.ResourceSpans().AppendEmpty()
+		ils := rs.ScopeSpans().AppendEmpty()
+		span := ils.Spans().AppendEmpty()
+		span.SetName("/api/users/123")
+		span.SetKind(ptrace.SpanKindClient)
+
+		processor, err := newRedaction(t.Context(), tc.config, zaptest.NewLogger(t))
+		require.NoError(t, err)
+		outTraces, err := processor.processTraces(t.Context(), inBatch)
+		require.NoError(t, err)
+
+		outSpan := outTraces.ResourceSpans().At(0).ScopeSpans().At(0).Spans().At(0)
+		assert.Equal(t, "/api/users/123", outSpan.Name())
+	})
+}