field_filter transform

Accepts `log` and `metric` events and allows you to filter events by a field's value.

The field_filter transform is in beta. Please see the current enhancements and bugs for known issues. We kindly ask that you add any missing issues as it will help shape the roadmap of this component.

Config File

vector.toml (example)
[transforms.my_transform_id]
type = "field_filter" # must be: "field_filter"
inputs = ["my-source-id"]
field = "file"
value = "/var/log/nginx.log"

Options

| Key | Type | Description |
|---|---|---|
| **REQUIRED** | | |
| type | string | The component type. Required. Must be: "field_filter" |
| inputs | [string] | A list of upstream source or transform IDs. See Config Composition for more info. Required. Example: ["my-source-id"] |
| field | string | The target field to compare against the value. Required. Example: "file" |
| value | string | If the value of the specified field matches this value then the event will be permitted, otherwise it is dropped. Required. Example: "/var/log/nginx.log" |

How It Works

Complex Comparisons

The field_filter transform is designed for simple equality filtering; it is not designed for complex comparisons. There are plans to build a filter transform that accepts more complex filtering.

We've opened issue 479 for more complex filtering.
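Until then, simple AND/OR conditions can be built from equality filters alone by wiring them together through `inputs`. The fragment below is an added example, not part of the original Vector documentation; the transform IDs, file paths and the `host` field value are constructed, and it assumes events carry `file` and `host` fields.

```toml
# Added example: IDs, paths and the "host" value are constructed.

# OR: two equality filters fed by the same upstream source.
# An event's "file" field can equal only one of the two values,
# so no event is passed on twice.
[transforms.nginx_access]
type = "field_filter"
inputs = ["my-source-id"]
field = "file"
value = "/var/log/nginx/access.log"

[transforms.nginx_error]
type = "field_filter"
inputs = ["my-source-id"]
field = "file"
value = "/var/log/nginx/error.log"

# AND: chain a second filter behind the first. Only events that
# passed nginx_access and whose "host" equals the value below continue.
[transforms.nginx_access_web01]
type = "field_filter"
inputs = ["nginx_access"]
field = "host"
value = "web01.example.com"

# A downstream component that should receive "access OR error" lists
# both filter IDs in its own inputs:
#   inputs = ["nginx_access", "nginx_error"]
#
# Matching is exact equality: an event whose "file" is
# "/var/log/nginx/access.log.1" (a rotated file) equals neither value
# and is dropped.
```

Because non-matching events are dropped rather than routed elsewhere, check that the values cover every log file you need to retain before placing these filters in front of an audit or security sink.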

Environment Variables

Environment variables are supported through all of Vector's configuration. Simply add ${MY_ENV_VAR} in your Vector configuration file and the variable will be replaced before being evaluated.

You can learn more in the Environment Variables section.

Troubleshooting

The best place to start with troubleshooting is to check the Vector logs, which are typically located at /var/log/vector.log. Then proceed to follow the Troubleshooting Guide.

If the Troubleshooting Guide does not resolve your issue, please:

  1. If you encountered a bug, please file a bug report.

  2. If you encountered a missing feature, please file a feature request.

  3. If you need help, join our chat/forum community. You can post a question and search previous questions.

Alternatives

Finally, consider the following alternatives:

Resources