Replace directive is not able to mask JWT and other secrets

I am attempting to mask some secrets in my container logs, which are streamed to Grafana using a promtail container.
I have been struggling to get the replace directive in my Grafana config to work with this. Can anyone please help?
This is what I have as part of my config (multiple JWT variations I have tried, but they failed). I still see the JWT, which is passed as a query param in one of the requests, on Grafana.

- job_name: containers
  pipeline_stages:
    - json:
        expressions:
          output: log
          stream: stream
          attrs:
    - json:
        expressions:
          tag:
        source: attrs
    - regex:
        expression: '(?P<container_name>(?:[^|]*[^|]))'
        source: tag
    - timestamp:
        format: RFC3339Nano
        source: time
    - labels:
        tag:
        stream:
        container_name:
    - replace:
        expression: 'token=(eyJ.*)'
        replace: 'masked'
    - replace:
        expression: 'eyJ[a-zA-Z0-9_-]+.[a-zA-Z0-9_-]+.[a-zA-Z0-9_-]+'
        replace: '[JWT_MASKED]'
    - replace:
        expression: '(eyJ[a-zA-Z0-9-]+.[a-zA-Z0-9-]+.[a-zA-Z0-9-_]+)'
        replace: '[JWT2_Masked]'
    - replace:
        expression: '(eyJ.*)'
        replace: '[JWT3_Masked]'
    - replace:
        expression: '(\?|&)(state|next|id_token|access_token|refresh_token)=[^&\s]+'
        replace: '${1}${2}=[MASKED]'
    - replace:
        expression: '"Authorization": "Bearer (eyJ[^"]+)"'
        replace: '"Authorization": "Bearer [JWT4_Masked]"'
    - replace:
        expression: '(/.*[^/\s:@]{3,20}:)(:?[^/\s:@]{3,20})(@.{1,100}[^''\s])'
        replace: '[Password_In_Path_Masked]'
    - output:
        source: output
  static_configs:
    - targets:
        - localhost
    - labels:
        container_name:
        job: containerlogs
        path: /var/lib/docker/containers//-json.log
        team: ${GRAFANA_TEAM}

Your final output is output, but none of your regexes is replacing from the output field.
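
The point made in the reply, shown as an added example that is not part of the original thread: a replace stage with no `source` rewrites the raw log line, and the final `output` stage then overwrites that line with the unmasked `output` value from the extracted data. The fragment below assumes the same `json` and `output` stages as the config in the question, and the parameter name `token` is taken from the poster's first expression.

```yaml
# Added example, not the poster's config: replace stages pointed at "output".
pipeline_stages:
  - json:
      expressions:
        output: log        # application line from the Docker JSON log entry
        stream: stream
  # "source: output" makes the stage rewrite the extracted value that the
  # final output stage writes back as the log line.
  - replace:
      source: output
      # Only the capture group is replaced, so the parameter name survives.
      expression: '[?&](?:state|next|id_token|access_token|refresh_token|token)=([^&\s"]+)'
      replace: '[MASKED]'
  - replace:
      source: output
      # Catches JWTs outside query strings, e.g. in an Authorization header:
      # three base64url segments separated by literal dots.
      expression: '(eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)'
      replace: '[JWT_MASKED]'
  - output:
      source: output       # the masked value becomes the shipped log line
```

Placing the `output` stage ahead of the replace stages is an alternative, since replace stages without `source` then operate on the line that `output` has already set.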