Drop Events Filter
Output filter: drop-events¶
This plugin drops events by include/exclude criteria for each field. The filters property contains a list of fields. For each field, you can specify a regular expression to keep (include) or drop (exclude) the event from processing.
Configuration¶
The folowing example configuration reads log files from /var/log and applies various filters with the following rules:
- Keep logs with
severityerror and warn - Drop logs with
severitydebug and info - Drop logs from
servicentpd - Keep logs when
messagecontaines the words critical,error,auth or failed
# tail server logs
input:
files:
- '/var/log/**/*.log'
outputFilter:
dropEvents:
module: drop-events
debug: false
filters:
severity:
# don't drop logs with severity error and warn
include: !!js/regexp /error|warn/i
# drop logs with severity debug and info
exclude: !!js/regexp /debug|info/i
service:
# drop logs from service ntpd
exclude: !!js/regexp ntpd
message:
# don't drop logs with
# messages containing the words critical,error,auth or failed
include: !!js/regexp /critical|auth|error|failed/
Run Logagent with your config:
logagent --config logagent-example-config.yml --yaml