field_filter transform

Accepts `log` and `metric` events and allows you to filter events by a log field's value.

The field_filter transform is in beta. Please see the current enhancements and bugs for known issues. We kindly ask that you add any missing issues as it will help shape the roadmap of this component.

The field_filter transform accepts log and metric events and allows you to filter events by a log field's value.

Config File

vector.toml (simple)
vector.toml (advanced)
type = "field_filter" # must be: "field_filter"
inputs = ["my-source-id"]
field = "file"
value = "/var/log/nginx.log"
# For a complete list of options see the "advanced" tab above.

How It Works

Complex Comparisons

The field_filter transform is designed for simple equality filtering, it is not designed for complex comparisons. There are plans to build a filter transform that accepts more complex filtering.

We've opened issue 479 for more complex filtering.

Environment Variables

Environment variables are supported through all of Vector's configuration. Simply add ${MY_ENV_VAR} in your Vector configuration file and the variable will be replaced before being evaluated.

You can learn more in the Environment Variables section.


The best place to start with troubleshooting is to check the Vector logs. This is typically located at /var/log/vector.log, then proceed to follow the Troubleshooting Guide.

If the Troubleshooting Guide does not resolve your issue, please:

  1. If encountered a bug, please file a bug report.

  2. If encountered a missing feature, please file a feature request.

  3. If you need help, join our chat/forum community. You can post a question and search previous questions.


Finally, consider the following alternatives: