Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Rule ¶
type Rule string
Rule is a representation of a VRL rule.
const BackslashMultilineRule Rule = `
matched, err = match(.message, r'[^\\]$');
if err != null {
false;
} else {
matched;
}
`
BackslashMultilineRule counts all lines ended with the backslash symbol as the parts of a single line.
Example: --- first line \ one more line \ the end
const CleanUpAfterSourceRule Rule = `` /* 275-byte string literal not displayed */
CleanUpAfterSourceRule is a general cleanup rule to sanitize the final message. It should always be the first rule in the transforms chain to avoid unexpected data leaks to transform rules.
const FilterDoesNotExistRule Rule = `
!exists(.{{ $.filter.Field }})
`
FilterDoesNotExistRule returns true if there is no label in the log message.
const FilterExistsRule Rule = `
exists(.{{ $.filter.Field }})
`
FilterExistsRule checks whether a label exists in the log message.
const FilterInRule Rule = `` /* 317-byte string literal not displayed */
FilterInRule checks that the provided label value is in the following list.
const FilterNotInRule Rule = `` /* 318-byte string literal not displayed */
FilterNotInRule checks that the provided label value is out of the following list.
const FilterNotRegexRule Rule = `` /* 345-byte string literal not displayed */
FilterNotRegexRule ensures that the label exists and does not match any of provided regexes.
const FilterRegexRule Rule = `` /* 142-byte string literal not displayed */
FilterRegexRule checks that a particular label matches any of provided regexes.
const GeneralMultilineRule Rule = `` /* 255-byte string literal not displayed */
GeneralMultilineRule appends all lines started with a space/tab to the previous line.
Example: --- start of the line:
following line one more line
const JSONMultilineRule Rule = `
matched, err = match(.message, r'^\{');
if err != null {
false;
} else {
matched;
}
`
JSONMultilineRule parses multiline JSON formatted documents.
Example: ---
{
"Start": "first_line",
"Next": "following line"
}
const LogWithTimeMultilineRule Rule = `` /* 763-byte string literal not displayed */
LogWithTimeMultilineRule counts any date/timestamp as a start of the line. All following lines will be appended.
Example: --- 2022-10-10 11:10 start of the line following line one more line 2022-10-10 11:11 a new line
const ParseJSONRule Rule = `` /* 126-byte string literal not displayed */
ParseJSONRule provides the message data as an object for future modifications/validations. Parsed data will be equal to message to simplify further transformations, e.g., log filtration's.
const ParsedDataCleanUpRule Rule = `
if exists(.parsed_data) {
del(.parsed_data)
}
`
ParsedDataCleanUpRule cleans up the temporary parsed data object.
const StreamRule Rule = `
."@timestamp" = del(.timestamp)
`
StreamRule puts the vector timestamp to the label recognized by Elasticsearch.
Source Files