
Filter by Regex

Filter by Regex Processor

The Filter by Regex processor includes or excludes logs based on whether a regular expression (Regex) matches body fields. This processor is exclusive to the Google license.

Tip: Enterprise and Free users should use the Filter By Condition processor, which has more robust filtering.

| Field | Description |
| --- | --- |
| Action | The action to take when the filter condition is met. Include will retain matching logs. Exclude will remove matching logs. |
| Regex | The regular expression (Regex) that logs will be evaluated against. |
| Match | The type containing the field the Regex will be evaluated against. Options are "Body" and "Attributes". |
| Field (Body) | If Field Type is set to "body", this is the name of the body field Regex will be evaluated against. Leave empty to apply to the entire body. |
| Field (Attributes) | If Field Type is set to "attributes", this is the name of the attribute field Regex will be evaluated against. |

Example Configuration

In this example, we exclude logs whose body field "path" matches the Regex '.+(?:ql)'.

Web Interface

[Image: Filter by Regex Processor, web interface configuration]

Standalone Processor

```yaml
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: filter_regex
  name: filter_regex
spec:
  type: google_filter_regex
  parameters:
    - name: action
      value: exclude
    - name: regex
      value: '.+(?:ql)'
    - name: field_type
      value: 'Body'
    - name: body_field
      value: 'path'
```
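An exclude filter removes logs before they reach any downstream detection, so it is worth replaying the pattern over sample records first. The following is an added sketch, not Bindplane's code or part of the original page: it applies the example configuration to constructed records and lists what would be dropped. The `LogRecord` and `Filter` types, the sample paths, and the unanchored matching behaviour (Go's `regexp.MatchString`) are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

// LogRecord is a simplified, hypothetical log shape used only in this sketch.
type LogRecord struct{ Body, Attributes map[string]string }

// Filter mirrors the four parameters of the configuration on this page.
type Filter struct {
	Action, FieldType, Field string
	Regex                    *regexp.Regexp
}

// PageFilter is the page's example: exclude when body field "path" matches.
var PageFilter = Filter{"exclude", "Body", "path", regexp.MustCompile(`.+(?:ql)`)}

// Keep reports survival. Assumed: unanchored match; a missing field never matches.
func (f Filter) Keep(r LogRecord) bool {
	src := r.Body
	if f.FieldType == "Attributes" {
		src = r.Attributes
	}
	val, ok := src[f.Field]
	matched := ok && f.Regex.MatchString(val)
	return matched == (f.Action == "include")
}

// Dropped lists the "path" of every sample record the filter would remove.
func Dropped(f Filter, logs []LogRecord) (out []string) {
	for _, r := range logs {
		if !f.Keep(r) {
			out = append(out, r.Body["path"])
		}
	}
	return out
}

// SampleLogs returns constructed records, not real traffic.
func SampleLogs() (logs []LogRecord) {
	for _, p := range []string{"/graphql", "/api/login", "/admin/mysql/export", "ql", "/health"} {
		logs = append(logs, LogRecord{Body: map[string]string{"path": p}})
	}
	return logs
}

func main() { fmt.Println(Dropped(PageFilter, SampleLogs())) }
```

Under these assumptions the pattern drops any path containing "ql" after at least one other character, so "/admin/mysql/export" is removed along with "/graphql", while a bare "ql" is kept.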