Cribl LogStream – Docs

Getting started with Cribl LogStream

Questions? We'd love to help you! Meet us in #cribl (sign up)
Download manual as PDF - v2.2.0

    Docs Home

Output Router

Output Routers are meta-destinations that allow for output selection based on rules. Rules are evaluated in order, top‑>down, with the first match being the winner.

Configuring Cribl LogStream to Output to an Output Router

While on the Data Destinations page, select Output Router from the tiles or the left menu, then click Add New. The resulting New Router Destination pane contains the following fields.

Router name: Enter a unique name to identify this router definition.

Rules: A list of event routing rules.

  • Filter expression: JavaScript expression to select events to send to output.
  • Output: Output where to send matching events.
  • Final: Flag to control whether to stop the event from being checked against other rules. Defaults to Yes.

Notes

  • An Output Router cannot reference another. This is by design, so as to avoid cycles.
  • Events that do not match any of the rules are dropped. Use a catchall rule to change this behavior.
  • No conditioning can be done here. Use Conditioning Pipelines on the Source tier.
  • Data can be cloned by toggling the Final flag to No. (The default is Yes, i.e., no cloning.)

Example

Scenario:

  • Send all events where host starts with 69 to Destination San Francisco.
  • From the rest of the events:
    • Send all events with method field POST or GET to both Seattle and Los Angeles (i.e., clone).
  • Send the remaining events to New York City.

Router Name: router66

Filter ExpressionOutputFinal
host.startsWith('69')San Francisco Yes
method=='POST' || method=='GETSeattle No
method=='POST' || method=='GET'Los Angeles Yes
trueNew York Yes

Updated 17 days ago

Output Router

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.