Procesadores

Información general

Utiliza los procesadores de Observability Pipelines para analizar, estructurar y enriquecer tus logs. Todos los procesadores están disponibles para todas las plantillas. Configura tus procesadores en la interfaz de usuario de Observability Pipelines después de haber seleccionado una plantilla, una fuente y unos destinos. Este es el paso 5 del proceso de configuración del pipeline:

  1. Navega hasta Observability Pipelines.
  2. Selecciona una plantilla.
  3. Selecciona y configura tu fuente.
  4. Selecciona y configura tus destinos.
  5. Configura tus procesadores.
  6. Instala el worker de Observability Pipelines.
  7. Habilita monitores para tu pipeline.

There are pre-selected processors added to your processor group out of the box. You can add additional processors or delete any existing ones based on your processing needs.

Processor groups are executed from top to bottom. The order of the processors is important because logs are checked by each processor, but only logs that match the processor’s filters are processed. To modify the order of the processors, use the drag handle on the top left corner of the processor you want to move.

Filter query syntax

Each processor has a corresponding filter query in their fields. Processors only process logs that match their filter query. And for all processors except the filter processor, logs that do not match the query are sent to the next step of the pipeline. For the filter processor, logs that do not match the query are dropped.

For any attribute, tag, or key:value pair that is not a reserved attribute, your query must start with @. Conversely, to filter reserved attributes, you do not need to append @ in front of your filter query.

For example, to filter out and drop status:info logs, your filter can be set as NOT (status:info). To filter out and drop system-status:info, your filter must be set as NOT (@system-status:info).

Filter query examples:

  • NOT (status:debug): This filters for only logs that do not have the status DEBUG.
  • status:ok service:flask-web-app: This filters for all logs with the status OK from your flask-web-app service.
    • This query can also be written as: status:ok AND service:flask-web-app.
  • host:COMP-A9JNGYK OR host:COMP-J58KAS: This filter query only matches logs from the labeled hosts.
  • @user.status:inactive: This filters for logs with the status inactive nested under the user attribute.

Queries run in the Observability Pipelines Worker are case sensitive. Learn more about writing filter queries in Datadog’s Log Search Syntax.

Selecciona un procesador para obtener más información:


Referencias adicionales

Más enlaces, artículos y documentación útiles:

Transformar y enriquecer tus logs con Datadog Observability PipelinesBLOG more more