
Filter by Condition

Filter by Condition Processor

The Filter by Condition processor can be used to include or exclude telemetry based on a condition that is evaluated against the telemetry data.

Supported Types

Metrics, Logs, Traces

Configuration

| Field | Description |
| --- | --- |
| Choose Telemetry Type | The types of telemetry to filter. |
| Action | The action to take when the condition is met. Include will retain matching telemetry. Exclude will remove matching telemetry. |
| Condition | The condition to match against telemetry to include or exclude based on the action. |

Example Configuration

Excluding matching log records

In this example, we exclude logs that have all of the following:

  • A host.name resource attribute that equals dev-server
  • An environment attribute that equals dev
  • A remote-ip log body field that equals 127.0.0.1

Web Interface

[Image: observIQ docs - Filter by Condition]

API Reference

This processor can be defined as YAML and applied using the CLI or API.

Type

filter-by-condition

Parameters

| Parameter | Type | Default | Description |
| --- | --- | --- | --- |
| telemetry_types | telemetrySelector | ["Logs", "Metrics", "Traces"] | The types of telemetry to filter. |
| action | enum | exclude | The action to take when the condition is met. Include will retain matching telemetry. Exclude will remove matching telemetry. |
| condition | condition | {"ottl":""} | The condition to match against telemetry to include or exclude based on the action. |

Standalone Processor

```yaml
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  name: filter-by-condition-example
spec:
  type: filter-by-condition
  parameters:
    - name: telemetry_types
      value:
        - Logs
    - name: action
      value: exclude
    - name: condition
      value:
        ottl: (resource.attributes["host.name"] == "dev-server" and attributes["environment"] == "dev" and body["remote-ip"] == "127.0.0.1")
        ui:
          statements:
            - key: host.name
              match: resource
              operator: Equals
              value: dev-server
            - key: environment
              match: attributes
              operator: Equals
              value: dev
            - key: remote-ip
              match: body
              operator: Equals
              value: 127.0.0.1
```
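
To check what a filter like the one above would drop before applying it, the following added example (not Bindplane's own code) models the documented include/exclude semantics in Python for the three `Equals` statements. The function names, the record layout and the sample records are assumptions made for illustration, as is the treatment of an unparsed string body as having no matching fields.

```python
# Added example: a model of the processor's documented semantics, not Bindplane code.
# Only the Equals operator is modelled, since it is the only one shown on the page.

# The ui.statements from the processor above; the OTTL condition joins them with "and".
STATEMENTS = [
    {"key": "host.name", "match": "resource", "operator": "Equals", "value": "dev-server"},
    {"key": "environment", "match": "attributes", "operator": "Equals", "value": "dev"},
    {"key": "remote-ip", "match": "body", "operator": "Equals", "value": "127.0.0.1"},
]

_MISSING = object()  # sentinel: an absent field never equals a configured value


def matches(record, statements=STATEMENTS):
    """Return True only when every statement matches the record."""
    for st in statements:
        if st["operator"] != "Equals":
            raise ValueError(f"operator not modelled: {st['operator']}")
        scope = record.get(st["match"])
        # Assumption of this model: a body that is a plain string has no fields to match.
        actual = scope.get(st["key"], _MISSING) if isinstance(scope, dict) else _MISSING
        if actual != st["value"]:
            return False
    return True


def apply_filter(records, action, statements=STATEMENTS):
    """exclude removes matching records; include retains only matching records."""
    if action not in ("include", "exclude"):
        raise ValueError(f"unknown action: {action}")
    keep_if_match = action == "include"
    return [r for r in records if matches(r, statements) == keep_if_match]


# Constructed sample log records (not from the page); "id" is only a label.
SAMPLE = [
    {"id": "all-three", "resource": {"host.name": "dev-server"},
     "attributes": {"environment": "dev"}, "body": {"remote-ip": "127.0.0.1"}},
    {"id": "remote-client", "resource": {"host.name": "dev-server"},
     "attributes": {"environment": "dev"}, "body": {"remote-ip": "203.0.113.7"}},
    {"id": "prod-host", "resource": {"host.name": "prod-server"},
     "attributes": {"environment": "dev"}, "body": {"remote-ip": "127.0.0.1"}},
    {"id": "string-body", "resource": {"host.name": "dev-server"},
     "attributes": {"environment": "dev"}, "body": "remote-ip=127.0.0.1"},
]

if __name__ == "__main__":
    for action in ("exclude", "include"):
        print(action, [r["id"] for r in apply_filter(SAMPLE, action)])
```

Only the record that satisfies all three statements is removed by `exclude`; records that match two of the three, or whose body was never parsed into fields, pass through.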