Overview
Use Observability Pipelines processors to parse, structure, and enrich your logs. All processors are available for all templates. After you select a template, source, and destinations, set up your processors in the Observability Pipelines UI. This is step 5 of the pipeline setup process.
- Navigate to Observability Pipelines.
- Select a template.
- Select and set up your source.
- Select and set up your destinations.
- Set up your processors.
- Install the Observability Pipelines Worker.
- Enable monitors for your pipeline.
There are pre-selected processors added to your processor group out of the box. You can add additional processors or delete any existing ones based on your processing needs.
Processor groups are executed from top to bottom. The order of the processors is important because logs are checked by each processor, but only logs that match the processor’s filters are processed. To modify the order of the processors, use the drag handle on the top left corner of the processor you want to move.
Filter query syntax
Each processor has a corresponding filter query in its fields. A processor only processes logs that match its filter query. For all processors except the filter processor, logs that do not match the query are sent to the next step of the pipeline. For the filter processor, logs that do not match the query are dropped.
For any attribute, tag, or key:value pair that is not a reserved attribute, your query must start with @. Conversely, to filter reserved attributes, you do not need to prepend @ to your filter query.
For example, to filter out and drop status:info logs, your filter can be set as NOT (status:info). To filter out and drop system-status:info, your filter must be set as NOT (@system-status:info).
Filter query examples:
- NOT (status:debug): This filters for only logs that do not have the status DEBUG.
- status:ok service:flask-web-app: This filters for all logs with the status OK from your flask-web-app service.
  - This query can also be written as: status:ok AND service:flask-web-app.
- host:COMP-A9JNGYK OR host:COMP-J58KAS: This filter query only matches logs from the labeled hosts.
- @user.status:inactive: This filters for logs with the status inactive nested under the user attribute.
Queries run in the Observability Pipelines Worker are case sensitive. Learn more about writing filter queries in Datadog’s Log Search Syntax.
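The rules above, as a simplified Python model (an added example, not Datadog's implementation or the Worker's code). The RESERVED list, the rule that a bare non-reserved key never matches, the "tag" processor kind and the flagged field are assumptions made for illustration; the sample events are constructed. It shows that only the filter processor drops non-matching logs, and that in this model leaving out the @ on a non-reserved attribute means the log is not dropped.

```python
# Simplified model of the filter-query rules above; not Datadog's implementation.
RESERVED = {"host", "source", "status", "service", "trace_id", "message"}  # assumed list

def lookup(log, key):
    """Resolve a query key against a log event (a nested dict)."""
    if key.startswith("@"):
        path = key[1:].split(".")      # @user.status -> log["user"]["status"]
    elif key in RESERVED:
        path = [key]                   # reserved attributes need no @
    else:
        return None                    # assumption: bare non-reserved key never matches
    for part in path:
        log = log.get(part) if isinstance(log, dict) else None
    return log

def matches(query, log):
    """Evaluate NOT (...), OR, AND and implicit AND over key:value terms."""
    q = query.strip()
    if q.startswith("NOT (") and q.endswith(")"):
        return not matches(q[5:-1], log)
    if " OR " in q:
        return any(matches(part, log) for part in q.split(" OR "))
    for term in q.replace(" AND ", " ").split():
        key, _, value = term.partition(":")
        if lookup(log, key) != value:  # case-sensitive string comparison
            return False
    return True

def run_group(processors, logs):
    """Run each log through (kind, query, action) processors, top to bottom."""
    out = []
    for log in map(dict, logs):
        for kind, query, action in processors:
            if matches(query, log):
                action(log)
            elif kind == "filter":     # only the filter processor drops non-matches
                break
        else:
            out.append(log)            # reached the end of the group without a drop
    return out

# Constructed sample events and a hypothetical two-processor group.
LOGS = [
    {"status": "debug", "service": "flask-web-app"},
    {"status": "ok", "service": "flask-web-app", "user": {"status": "inactive"}},
    {"status": "ok", "service": "flask-web-app", "system-status": "info"},
]
GROUP = [("filter", "NOT (status:debug)", lambda log: None),
         ("tag", "@user.status:inactive", lambda log: log.update(flagged=True))]
```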
Select a processor for more details.