Cribl LogStream – Docs

Cribl LogStream Documentation

Questions? We'd love to help you! Meet us in #Cribl Community Slack (sign up)
Download entire manual as PDF - v2.3.0

Drop

Description


The Drop Function will drop/delete any events that meet the Filter expression.

Usage


Filter: Filter expression (JS) that selects data to be fed through the Function. Defaults to true, meaning that all events will be evaluated.

Description: Simple description about this Function. Defaults to empty.

Final: If true, stops data from being fed to the downstream Functions. Defaults to No.

Example

Assume that we care only about errors, so we want to filter out any events that contain the word “success,” regardless of case: “success,” “SUCCESS,” etc.

In our Drop Function, we’ll use the JavaScript search() method to search the _raw field’s contents for our target pattern. We know that search() returns a non-negative integer to indicate the starting position of the first match in the string, or -1 if no match. So we can evaluate the Function as true when the return value is >= 0.

Filter: _raw.search(/success/i)>=0

Updated 2 months ago

Drop


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.