Field Filter Transform

The Vector field_filter transform accepts and outputs log events allowing you to filter events by a log field's value.

Configuration

vector.toml

[transforms.my_transform_id]
  type = "field_filter" # must be: "field_filter"
  inputs = ["my-source-id"] # example
  field = "file" # example
  value = "/var/log/nginx.log" # example

Options

2 items

common onlyrequired only

stringcommonrequired

field

The target log field to compare against the value.

No default

View examples

stringcommonrequired

value

If the value of the specified field matches this value then the event will be permitted, otherwise it is dropped.

No default

View examples

How It Works

Complex Comparisons

The field_filter transform is designed for simple equality filtering, it is not designed for complex comparisons. There are plans to build a filter transform that accepts more complex filtering.

We've opened issue 479 for more complex filtering.

Environment Variables

Environment variables are supported through all of Vector's configuration. Simply add ${MY_ENV_VAR} in your Vector configuration file and the variable will be replaced before being evaluated.

You can learn more in the Environment Variables section.

#Configuration

#Options

#field

#value

#How It Works

#Complex Comparisons

#Environment Variables