Filter Processor

​

Supported Data Types

​

Configuring the Sawmills Filter Processor for Logs

​

Configuration Components

​

1. Name

• Description: This is the identifier for your filter. A unique, descriptive name helps you easily identify each filter, especially in interfaces where multiple filters may be applied.

​

2. Attribute Filters

• Conditions: Specify conditions to filter events before processing. Events must satisfy all conditions (AND) or at least one (OR) based on the selected logic.

1. Choose the condition type:
   • Log Level (Severity)
   • Body as String
2. Select a comparison operator:
   • Equals / Not Equals
3. Provide a value:
   • Log Level: Select from a dropdown (INFO, WARN, ERROR, etc.).
   • Body as String: Enter a free-text value for matching.

​

3. Action

• Description: Determines whether logs that meet the specified conditions are included, excluded, or sampled.
• Options:
  • Exclude: Discard logs that match the specified conditions.
  • Include: Keep only the logs that match the specified conditions, excluding all others.
  • Sample: Retain only x% of logs that meet the specified conditions, excluding all others.
• Use Cases:
  • Use Exclude to remove logs from ingestion based on certain criteria, like low-severity logs.
  • Use Include to capture only high-priority logs, filtering out less critical information.
  • Use Sample to capture a percentage of logs, reducing storage and logging costs.

​

4. Conditions

• Description: Conditions define the criteria for log filtering. Each condition consists of key-value pairs specifying the attributes that a log entry must have to be included, excluded or sampled.
• Multiple Conditions: Enables you to define multiple conditions. When defining multiple conditions the following applies:
  • Match all (AND): All conditions must be met for the action to apply.
  • Match any (OR): Only one of the conditions needs to be met for the action to apply.