-
Notifications
You must be signed in to change notification settings - Fork 24
Drop Processor
orbenharosh edited this page Feb 12, 2023
·
7 revisions
This processor drops log lines, it can be combined with an if statement to remove log lines based on particular events or values, or it can simply be used to throttle the number of documents that are output by sawmill.
- percentage, default to 100 which is full drop, can be used to throttle
{
"steps": [
{
"if": {
"condition": {
"hasValue": {
"field": "field_name",
"possibleValues": [
"value"
]
}
},
"then": [
{
"drop": {
"config": {}
}
}
]
}
}
]
}{
"steps": [
{
"if": {
"condition": {
"hasValue": {
"field": "field_name",
"possibleValues": [
"value"
]
}
},
"then": [
{
"drop": {
"config": {
"percentage": "20"}
}
}
]
}
}
]
}- Home
-
Pipelines
-
Processors
- Add Field Processor
- Add Tag Processor
- AhoCorasick Processor
- Anonymize Processor
- Append List Processor
- Arrays Intersect Processor
- Base64 Decode Processor
- Convert Processor
- CSV Processor
- Date Processor
- Drop Processor
- External Mapping Source Processor
- GeoIP Processor
- Grok Processor
- JSON Processor
- Key Value Processor
- LowerCase Processor
- Math Processor
- Remove Field Processor
- Remove Tag Processor
- Rename Field Processor
- Split Processor
- Strip Processor
- Substitue Processor
- Substring Processor
- Translate Processor
- UpperCase Processor
- User Agent Processor
- URL Decode Processor
- XML Processor
- DeDot Processor
- Doc Size Processor
- If statement
- Additional Commands
-
Processors