You don't encrypt basic headers and only encrypt the request body. This way you can still filter out using the header data. Once you uniquely identify the log, you can decrypt the request body.