Usage

​

Filter: Filter expression (JS) that selects data to feed through the Function. Defaults to true, meaning it evaluates all events.

Description: Simple description about this Function. Defaults to empty.

Final: If toggled to Yes, stops feeding data to the downstream Functions. Defaults to No.

Examples

​

Scenario A:

​

Assume that we care only about errors, so we want to filter out any events that contain the word “success,” regardless of case: “success,” “SUCCESS,” etc.

In our Drop Function, we’ll use the JavaScript search() method to search the _raw field’s contents for our target pattern. We know that search() returns a non-negative integer to indicate the starting position of the first match in the string, or -1 if no match. So we can evaluate the Function as true when the return value is >= 0.

Filter: _raw.search(/success/i)>=0

Scenario B:

​

You can filter out specific JSON events based on their key-value pairs.

The following Filter expression uses a strict inequality operator to check, per event, whether channel has a different data type or value from auth. Matching events will drop, ensuring that only events with "channel":"auth" will pass to the next Function.

Filter: channel !== 'auth'