You can add a configuration to drop logs that match the filter criteria you provide.

Dropping logs lets you view only the logs that you require, which is cost-effective, saves storage, and improves performance.
Note:
  • A log filter configuration is applied only to the logs that are ingested after you create and activate the configuration.
  • A log filter configuration is applied only to logs with static fields in the filter criteria.

Prerequisites

Verify that you are logged in to the VMware Aria Operations for Logs web user interface as a Super Admin user, or a user associated with a role that has the relevant permissions. See Create and Modify Roles for more information. The URL format of the web user interface is https://operations-for-logs-host, where operations-for-logs-host is the IP address or host name of the VMware Aria Operations for Logs virtual appliance.

Procedure

  1. Expand the main menu, click Log Management and then click Log Filtering.
  2. Click ""New Configuration.
  3. Enter a unique name for the log filter configuration.
  4. Select fields and constraints to define the logs that you want to drop. If you do not select a filter, all the logs are dropped. To see the results of your filter, click Run in Explore Logs page.
    Operator Description
    Matches Finds strings that match the string and wildcard specification, where * means zero or more characters and ? means zero or any single character. Prefix and postfix globbing is supported.

    For example, *test* matches strings such as test123 or my-test-run.

    does not match Excludes strings that match the string and wildcard specification, where * means zero or more characters and ? means zero or any single character. Prefix and postfix globbing is supported.

    For example, test* excludes test123, but not mytest123. ?test* excludes test123 and xtest123, but not mytest123.
    starts with Finds strings that start with the specified character string.

    For example, test finds test123 or test, but not my-test123.

    does not start with Excludes strings that start with the specified character string.

    For example, test filters out test123, but not my-test123.

  5. The log filter configuration is activated by default. To deactivate the configuration, click the Enabled toggle button.
  6. To activate log forwarding for the logs that match the filter criteria, click the Allow Forwarding toggle button.
    When you click the toggle button and save this configuration, the logs matching the filter criteria are no longer ingested into the current VMware Aria Operations for Logs instance. Instead, they are sent to the log forwarding or cloud forwarding destination that has the same filter criteria as your log filter configuration.

    You can configure a log forwarding destination in Log Management > Log Forwarding and a cloud forwarding destination in Log Management > Cloud Forwarding.

  7. Click Save.

Results

The log filter configuration appears in the Log Filtering tab with information about the drop filter and whether it is activated. You can activate or deactivate the configuration by clicking the Enabled toggle button.