Filter by Field

Filter by Field Processor

The Filter by Field processor can be used to include or exclude telemetry based on matched resource attributes, attributes, or log body fields.

Supported Types

Metrics	Logs	Traces
✓	✓	✓

Configuration Table

Parameter	Type	Default	Description
telemetry_types	`enums`	`["Metrics", "Logs", "Traces"]`	The list of telemetry types the processor will act on.
action	`enum`	`exclude`	Whether to `include` (retain) or `exclude` (drop) matches.
match_type	`enum`	`strict`	Method for matching values. Strict matching requires that 'value' be an exact match. Regexp matching uses re2 to match a value.
attributes	`map`	`[]`	Attribute key value pairs to filter on. Telemetry is filtered if all attribute, resource, and body key pairs are matched.
resources	`map`	`[]`	Resource key value pairs to filter on. Telemetry is filtered if all attribute, resource, and body key pairs are matched.
bodies	`map`	`[]`	Log body key value pairs to filter on. Log records filtered if all attribute, resource, and body key pairs are matched.

Example Configuration

Excluding matching log records

In this example, we exclude logs that have all of the following:

An environment attribute that equals dev
A host.name resource attribute that equals dev-server
A remote-ip log body field that equals 127.0.0.1

Web Interface

observIQ docs - Filter by Field - image 1

Standalone Processor

yaml

1apiVersion: bindplane.observiq.com/v1
2kind: Processor
3metadata:
4  id: filter_field
5  name: filter_field
6spec:
7  type: filter_field
8  parameters:
9  - name: telemetry_types
10    value:
11    - Metrics
12    - Logs
13    - Traces
14  - name: action
15	  value: exclude
16  - name: match_type
17  	value: strict
18  - name: attributes
19  	value:
20  		environment: dev
21  - name: resources
22  	value:
23  		host.name: dev-server
24  - name: bodies
25  	value:
26  		remote-ip: 127.0.0.1

Updated 25 days ago