You can create log processing rules to filter logs. Filtering lets you drop irrelevant fields from log messages or entire log messages that are of no use.
- Log processing rules are applied only to the logs that are ingested after you create and enable these rules.
- All the actions that you perform on log processing configurations - create, modify, remove, disable, or enable, need about a minute to reflect in the system.
- Expand the main menu and navigate to .
- On the Filter Logs tab, click New Configuration.
Option Description Name A name for the log filtering configuration. Fields Drop all the logs or specific logs in the filtering configuration. If you drop specific logs, you can add query criteria for multiple fields, so that only the logs that match the criteria are filtered. Apply to all logs / Apply to specific logs Apply the filtering configuration to all the logs or to specific logs. If you apply the configuration to specific logs, you can add query criteria for single or multiple fields, so that only the logs that match the criteria are filtered.Note: You cannot select Drop entire log and Apply to all logs at the same time, as a combination of these selections drops all the logs that are ingested.
- Click Save.
What to do next
- Modify or remove the configuration. Click the three dots icon to the left of the configuration and select Edit or Delete.
- Enable or disable the configuration. Click the toggle to the left of the configuration. The toggle is green when the configuration is enabled and gray when it is disabled.