
Filter Severity

Description

The Severity Filter processor can be used to filter out logs that do not meet a given severity threshold.

Supported Types

  • Metrics
  • Logs
  • Traces

Configuration Table

Parameter | Type   | Default | Description
severity  | enum   | TRACE   | Minimum severity to match. Log entries with lower severities will be filtered out.
condition | string | true    | An OTTL expression used to select which log records the filter applies to. All paths in the log context are available to reference. All converters are available to use.

Valid severity levels:

  • TRACE
  • INFO
  • WARN
  • ERROR
  • FATAL

Example Configuration

Filter out INFO and TRACE logs where the attribute ID is less than 3. Records at WARN or above, and records whose condition does not match, pass through unchanged.

Web Interface

observIQ docs - Filter Severity - image 1

Standalone Processor

```yaml
apiVersion: bindplane.observiq.com/v1
kind: Processor
metadata:
  id: severity-filter
  name: severity-filter
spec:
  type: filter_severity
  parameters:
    - name: severity
      value: WARN
    - name: condition
      value:
        ottl: (attributes["ID"] < 3)
        ui:
          operator: ''
          statements:
            - key: ID
              match: attributes
              operator: <
              value: '3'
```

Configuration with Embedded Processor

```yaml
apiVersion: bindplane.observiq.com/v1
kind: Configuration
metadata:
  id: severity-filter
  name: severity-filter
  labels:
    platform: linux
spec:
  sources:
    - type: journald
      parameters:
        - name: units
          value: []
        - name: directory
          value: ''
        - name: priority
          value: info
        - name: start_at
          value: end
      processors:
        - type: filter_severity
          parameters:
            - name: severity
              value: WARN
            - name: condition
              value:
                ottl: (attributes["ID"] < 3)
                ui:
                  operator: ''
                  statements:
                    - key: ID
                      match: attributes
                      operator: <
                      value: '3'
  selector:
    matchLabels:
      configuration: severity-filter
```
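To make the drop rule of the example configuration above concrete, here is an added Python model of the filter_severity parameters; it is not Bindplane or collector code. The condition evaluator is a constructed stand-in that handles only the single comparison form used on this page (plus the default true), not OTTL, and the severity ladder is the five levels listed above.

```python
import operator
import re

# Severity ladder as listed on this page (lowest to highest).
SEVERITY_ORDER = ["TRACE", "INFO", "WARN", "ERROR", "FATAL"]

# Constructed stand-in for OTTL: only (attributes["KEY"] <op> VALUE) is understood.
_COND_RE = re.compile(r'^\(?\s*attributes\["(\w+)"\]\s*(<=|>=|==|!=|<|>)\s*([^)\s]+)\s*\)?$')
_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
        ">=": operator.ge, "==": operator.eq, "!=": operator.ne}

def compile_condition(ottl):
    """Turn the condition string into a predicate over a record's attributes."""
    if ottl.strip() == "true":          # page default: every record matches
        return lambda attrs: True
    m = _COND_RE.match(ottl.strip())
    if not m:
        raise ValueError(f"unsupported condition: {ottl!r}")
    key, op, raw = m.groups()
    value = int(raw) if raw.lstrip("-").isdigit() else raw.strip('"')
    def pred(attrs):
        # A record without the attribute does not match, so the condition never drops it.
        return key in attrs and _OPS[op](attrs[key], value)
    return pred

def should_drop(record, min_severity, pred):
    """Drop only when the record is below the threshold AND the condition matches."""
    below = SEVERITY_ORDER.index(record["severity"]) < SEVERITY_ORDER.index(min_severity)
    return below and pred(record.get("attributes", {}))

def apply_filter(records, parameters):
    """Apply filter_severity parameters (shape of the page's YAML) to a list of records."""
    params = {p["name"]: p["value"] for p in parameters}
    pred = compile_condition(params["condition"]["ottl"])
    return [r for r in records if not should_drop(r, params["severity"], pred)]

# Parameters copied from the page's processor example.
PARAMETERS = [
    {"name": "severity", "value": "WARN"},
    {"name": "condition", "value": {"ottl": '(attributes["ID"] < 3)'}},
]

# Constructed sample records (not real journald output).
SAMPLE_RECORDS = [
    {"id": 1, "severity": "INFO",  "attributes": {"ID": 1}},   # dropped
    {"id": 2, "severity": "TRACE", "attributes": {"ID": 2}},   # dropped
    {"id": 3, "severity": "INFO",  "attributes": {"ID": 3}},   # kept: condition false
    {"id": 4, "severity": "ERROR", "attributes": {"ID": 1}},   # kept: at or above WARN
    {"id": 5, "severity": "INFO",  "attributes": {}},          # kept: no ID attribute
]
```

Running apply_filter(SAMPLE_RECORDS, PARAMETERS) keeps records 3, 4 and 5; note that record 5 survives because a missing attribute never satisfies the condition, which is worth checking against real data before relying on the filter to drop noise.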