Filter by Regex

Filter by Regex Processor

The Filter by Regex processor can be used to include or exclude logs based on Regex matching body fields. This processor is exclusive to the Google license.

tip

Enterprise and Free users should use the Filter By Condition processor, which has more robust filtering.

Metrics	Logs	Traces
	✓

Field	Description
Action	The action to take when the filter condition is met. Include will retain matching logs. Exclude will remove matching logs.
Regex	The regular expression (Regex) that logs will be evaluated against.
Match	The type containing the field the Regex will be evaluated against. Options are "Body" and "Attributes".
Field (Body)	If `Field Type` is set to "body", this is the name of the body field Regex will be evaluated against. Leave empty to apply to the entire body.
Field (Attributes)	If `Field Type` is set to "attributes", this is the name of the attribute field Regex will be evaluated against.

Example Configuration

In this example, we exclude logs that have the body field "path" matching this Regex: .+(?:ql).

Web Interface

observIQ docs - Filter by Regex Processor - image 1

Standalone Processor

yaml

1apiVersion: bindplane.observiq.com/v1
2kind: Processor
3metadata:
4  id: filter_regex
5  name: filter_regex
6spec:
7  type: google_filter_regex
8  parameters:
9    - name: action
10      value: exclude
11    - name: regex
12      value: '.+(?:ql)'
13    - name: field_type
14      value: 'Body'
15    - name: body_field
16      value: 'path'

Updated 4 months ago