LOGMETRIC

field_filter transform

The field_filter transform accepts log and metric events and allows you to filter events by a log field's value.

Configuration

vector.toml

[transforms.my_transform_id]
  type = "field_filter" # example, must be: "field_filter"
  inputs = ["my-source-id"] # example
  field = "file" # example
  value = "/var/log/nginx.log" # example

Options

2 items

common onlyrequired only

commonstringrequired

field

The target log field to compare against thevalue.

No default

View examples

commonstringrequired

value

If the value of the specifiedfield matches this value then the event will be permitted, otherwise it is dropped.

No default

View examples

How It Works

Complex Comparisons

The field_filter transform is designed for simple equality filtering, it is not designed for complex comparisons. There are plans to build a filter transform that accepts more complex filtering.

We've opened issue 479 for more complex filtering.

Environment Variables

Environment variables are supported through all of Vector's configuration. Simply add ${MY_ENV_VAR} in your Vector configuration file and the variable will be replaced before being evaluated.

You can learn more in the Environment Variables section.

#Configuration

#Options

#field

#value

#How It Works

#Complex Comparisons