Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add condition to a filtering rule #1447

Closed
15 of 17 tasks
monicasarbu opened this issue Apr 21, 2016 · 0 comments
Closed
15 of 17 tasks

Add condition to a filtering rule #1447

monicasarbu opened this issue Apr 21, 2016 · 0 comments
Labels
enhancement in progress Pull request is currently in progress. libbeat meta :Processors

Comments

@monicasarbu
Copy link
Contributor

monicasarbu commented Apr 21, 2016
edited
Loading

Related to #451

If more filtering rules are defined, then they are executed in the order they are defined. The initial event is passed to the first filtering rule and what results from it is passed to the second filtering rule until all the filtering rules are applied. The condition that is used in the following filtering rules is running against the event that is received as input and it might defer from the original event.

Condition types:

  • equals
  • contains
  • regexp
  • range
  • and
  • or
  • not

Equals

Accepts only integers and strings.

equals:
  type: process

equals:
  proc.name: test

equals:
  http.response.code: 200

Contains

Accepts only strings.

contains:
  proc.name: topbeat

Regexp

Accepts only strings that include a regular expression.

regexp:
  proc.name: "$beat"

Range

Accepts only integers and floats.

range:
  proc.cpu.total_p:
    gte: 0.5

range:
  responsetime:
    gte: 30

Combine two conditions

You can specify a list of conditions under each type and they are combined with and. For example, the following conditions selects the `type=process and proc.name=test:

equals:
  type: process
  proc.name: test

OR/AND/NOT operators

or/and/not:
  - <condition>
  - <condition>
  - <condition>

where <condition> can contain any of the actions vailable including other or, not, and.

Required changes:
@monicasarbu monicasarbu mentioned this issue Apr 21, 2016
Merged
@monicasarbu monicasarbu changed the title Add condition to filtering rules Add condition to a filtering rule Apr 21, 2016
@monicasarbu monicasarbu added :Processors meta in progress Pull request is currently in progress. labels Apr 21, 2016
@andrewkroh andrewkroh mentioned this issue May 11, 2016
Closed
@monicasarbu monicasarbu mentioned this issue May 30, 2016
Closed
@monicasarbu monicasarbu mentioned this issue Jul 7, 2016
Closed
@a03nikki a03nikki mentioned this issue Oct 9, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement in progress Pull request is currently in progress. libbeat meta :Processors
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@monicasarbu