Marshal | observIQ

Marshal

Description

The Marshal Processor moves fields onto the body and turns them into a JSON or Key Value string.

note

To use this processor, the input body must not be a string; it must contain one or more fields.

Supported Types

Metrics	Logs	Traces
	✓

Configuration Table

Parameter	Type	Default	Description
format	`enum`	`None`	Which format to marshal to. Can be JSON, KV, or None.
log_fields_to_include	`ottlFields`	`[]`	Which log fields to include.
log_fields_to_exclude	`ottlFields`	`[]`	Which log fields to exclude.
log_selection	`enum`	`Include`	Whether to use include or exclude mode for log field selection.
body_fields_to_include	`ottlFields`	`[]`	Which body fields to include.
body_fields_to_exclude	`ottlFields`	`[]`	Which body fields to exclude.
body_selection	`enum`	`Exclude`	Whether to use include or exclude mode for body field selection.
attribute_fields_to_include	`ottlFields`	`[]`	Which attribute fields to include.
attribute_fields_to_exclude	`ottlFields`	`[]`	Which attribute fields to exclude.
attribute_selection	`enum`	`Exclude`	Whether to use include or exclude mode for attribute field selection.
resource_fields_to_include	`ottlFields`	`[]`	Which resource fields to include.
resource_fields_to_exclude	`ottlFields`	`[]`	Which resource fields to exclude.
resource_selection	`enum`	`Exclude`	Whether to use include or exclude mode for resource field selection.
flatten	`bool`	`false`	Whether to flatten fields after moving to body.
log_field	`string`	`bp.log`	The name of the body field to move log fields into. If empty, moves fields to top level.
attribute_field	`string`	`bp.attrs`	The name of the body field to move attribute fields into. If empty, moves fields to top level.
resource_field	`string`	`bp.res`	The name of the body field to move resource fields into. If empty, moves fields to top level.
kv_delimiter	`string`	`=`	The delimiter to use between key and value.
kv_pair_delimiter	`string`		The delimiter to use between key value pairs.
sort_by_keys	`bool`	`false`	Ensure deterministic ordering of keys before marshaling.

Basic Configuration

Below is an example of configuration using the defaults. It will select all body, attributes, and resource fields but will not flatten or marshal them.

Web Interface

observIQ docs - Marshal Processor - image 1

Standalone Processor

yaml

1apiVersion: bindplane.observiq.com/v1
2kind: Processor
3metadata:
4  id: marshal-default
5  name: marshal-default
6spec:
7  type: marshal
8  parameters:
9    - name: format
10      value: None
11    - name: log_fields_to_exclude
12      value: []
13    - name: log_fields_to_include
14      value: []
15    - name: log_selection
16      value: Include
17    - name: body_fields_to_exclude
18      value: []
19    - name: body_fields_to_include
20      value: []
21    - name: body_selection
22      value: Exclude
23    - name: attribute_fields_to_exclude
24      value: []
25    - name: attribute_fields_to_include
26      value: []
27    - name: attribute_selection
28      value: Exclude
29    - name: resource_fields_to_exclude
30      value: []
31    - name: resource_fields_to_include
32      value: []
33    - name: resource_selection
34      value: Exclude
35    - name: flatten
36      value: false
37    - name: log_field
38      value: bp.log
39    - name: attribute_field
40      value: bp.attrs
41    - name: resource_field
42      value: bp.res
43    - name: kv_delimiter
44      value: =
45    - name: kv_pair_delimiter
46      value: ' '
47    - name: sort_by_keys
48      value: false

Key Value Example

The configuration below will flatten and marshal the body into a string like this:

name=test bp.log.severity_number=5 bp.attrs.baba=you bp.res.field1=val1 bp.res.field2=val2

In the advanced section, the KV delimiters can be customized and the bp.log, bp.attrs, and bp.res fields can be renamed or ignored, putting fields directly onto the body.

Web Interface

observIQ docs - Marshal Processor - image 2

Standalone Processor

yaml

1apiVersion: bindplane.observiq.com/v1
2kind: Processor
3metadata:
4  id: marshal-kv
5  name: marshal-kv
6spec:
7  type: marshal
8  parameters:
9    - name: format
10      value: KV
11    - name: log_fields_to_exclude
12      value: []
13    - name: log_fields_to_include
14      value:
15        - severity_number
16    - name: log_selection
17      value: Include
18    - name: body_fields_to_exclude
19      value:
20        - severity
21    - name: body_fields_to_include
22      value: []
23    - name: body_selection
24      value: Exclude
25    - name: attribute_fields_to_exclude
26      value:
27        - host
28    - name: attribute_fields_to_include
29      value: []
30    - name: attribute_selection
31      value: Exclude
32    - name: resource_fields_to_exclude
33      value:
34        - field2
35        - field1
36    - name: resource_fields_to_include
37      value:
38        - field1
39        - field2
40    - name: resource_selection
41      value: Include
42    - name: flatten
43      value: true
44    - name: log_field
45      value: bp.log
46    - name: attribute_field
47      value: bp.attrs
48    - name: resource_field
49      value: bp.res
50    - name: kv_delimiter
51      value: =
52    - name: kv_pair_delimiter
53      value: ' '
54    - name: sort_by_keys
55      value: false

Updated 1 month ago