These docs are for Cribl Edge 4.9 and are no longer actively maintained.
See the latest version (4.13).
Filter Edge Nodes
Learn how to filter large lists of Edge Nodes
When your Cribl Edge deployment has a large number of Nodes, you may want to filter your Node list down to a manageable subset of Nodes. This can help you monitor your Edge Nodes and troubleshoot any issues.
For example, you may want to view all of the Edge Nodes that are experiencing upgrade issues. Or, you may need to update the configuration of Nodes that are running a certain operating system version, but you don’t know which Fleets they belong to.
The Filters option allows you to apply filter criteria to your Node list, so you can quickly find Nodes by OS Platform, IP address, install type, version and more.
Access Node Filters
In Cribl Edge, you can filter Edge Nodes in two places:
- In a specific Fleet in the Edge Nodes list. Navigate to Fleets, then select a Fleet.
- On the list of all Edge Nodes, in both List View and Map View. Navigate to Edge Nodes from the sidebar.
Filter Modes
You can choose between the default form-based mode and Advanced mode when you create a Node filter. Form-based mode contains the preconfigured fields and checkboxes you see when you select Filters.
For a table of the options and their definitions, see Form-based Filter Options.
Advanced mode is a Javascript input field where you can create your own filter, referencing the JSON objects that are associated with an Edge Node.
You can edit the Javascript by typing in the Expression field, but doing so disables the form-based filters unless you undo the changes. To revert back to the form-based filter, select Undo changes.
Some filter combinations will never return any results – for example, OS platform set to Linux and Install type set to MSI, since MSI is only used for Windows installations.
Create an Edge Node Filter
The Filters option lets you group a list of Nodes by criteria such as OS platform, IP address, install type, version, and more.
To create an Edge Node filter:
- Navigate to a list of Edge Nodes, either from the Nodes tab in a Fleet or from the Edge Nodes sidebar.
- Select Filters to open the Filters panel.
- Create a filter by selecting from the Node Filter Options, or toggle Advanced to write your own filter using Javascript.
- Once you have selected filter criteria, you can use the Filter Edge Nodes field to further narrow down the list of visible Nodes.
- Select Clear filters to undo your selections in the Filters panel. This does not clear the Filter Edge Nodes field.
Share a Filter
To share a filter with another Cribl user:
- Select the Filters button and create a filter.
- Select the link icon
to copy the
filters to your clipboard, or copy the browser URL. - Now you can share the link with another user.
Filters are Workspace-specific, so they will only work within the Workspace where you created it.
Form-based Filter Options
You can choose from a set of preconfigured, form-based filter options, and each has an associated Javascript property. You’ll see the Javascript property in the Expressions field when you toggle on Advanced mode.
| Field | Description | Javascript property |
|---|---|---|
Fleet | Find Nodes based on their Fleet assignment. Visible when filtering from the Edge Nodes page. | group=='<fleet>' |
| Upgrade status | The upgrade status of the Edge Node.
| nodeUpgradeStatus.state |
| Source status | The health status for each Source associated with the Nodes. | (lastMetrics['health.inputs']) |
| Destination status | The health status for each Destination associated with the Nodes. | (lastMetrics['health.outputs']) |
| Edge version | Enter a semantic version of Cribl Edge. For example, 4.1.0. | info.cribl.version.toLowerCase() |
| Host | The host of the Edge Node. You can type in any part of the host string. | info.hostname.toLowerCase().includes(<host>) |
| OS platform | The operating system platform that the Edge Node is running on. | (info.platform === '<os-platform>') |
| OS version | The version of the operating system the Edge Node is running on. For example, Windows 10. | info.release.toLowerCase().includes('<OS version>') |
| Architecture | The processor architecture for the Edge Node. | (info.architecture === '<architecture>') |
| IP address | The IP address of the Edge Node. Entering a partial value returns all Nodes with matching values. For example, entering 17 will return all Nodes that have 17 somewhere in the address. | info.conn_ip.toLowerCase().includes('<ip-here>') |
| Install type | The installation type for the Node. Select RPM or Container. Useful for determining which Nodes can’t be upgraded by the Leader. | (info.env.CRIBL_INSTALL_TYPE === '<type>') |
Advanced Filter Options
You can use the following Node properties and types to create your Advanced filter in Javascript.
| Node Property | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| id | string | ||||||||||||||||||||||||||||||||||||||||||||||||||
| status | string (Healthy) | ||||||||||||||||||||||||||||||||||||||||||||||||||
| group | string (Fleet name) | ||||||||||||||||||||||||||||||||||||||||||||||||||
| info |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| lastMsgTime | number (time when Node sent the last message in msec) | ||||||||||||||||||||||||||||||||||||||||||||||||||
| firstMsgTime | number (time when Node sent the first message in msec) | ||||||||||||||||||||||||||||||||||||||||||||||||||
| nodeUpgradeStatus |
| ||||||||||||||||||||||||||||||||||||||||||||||||||
| lastMetrics |
|
Example Advanced Filter Expressions
You can use these example expressions as a starting point to build your advanced filters.
Edge Nodes with >10 CPUs and >8 GB RAM
Because total memory is reported in bytes, we need to calculate 8GB to bytes before using it in the filter.
info.cpus >= 4 && info.totalmem >= 8388608000Nodes running the System State Source
lastMetrics.hasOwnProperty('health.inputs:input:system_state:in_system_state')Nodes Running the System State Source and experiencing issues with Destinations
lastMetrics.hasOwnProperty('health.inputs:input:system_state:in_system_state') && lastMetrics['health.outputs'] === 2Nodes with errors in either Sources or Destinations
lastMetrics['health.inputs'] === 2 || lastMetrics['health.outputs'] === 2