Graylog2 / graylog2-server

Free and open log management
https://www.graylog.org

Feature Request: Pipeline Rule keep/remove multiple fields #3431

Closed rswestmoreland closed 7 years ago

rswestmoreland commented 7 years ago

A new function to handle multiple fields in a single statement.

Expected Behavior

keep_fields(list of fields to keep, remove the rest)

remove_fields(list of fields to remove, keep the rest)

remove_fields would just be the plural version of remove_field and is just an extension of already existing behavior.

keep_fields is a reverse version of remove_fields. When the goal is to persist a finite set of fields, this function would drop any fields not in the list.

Current Behavior

There is a remove_field (singular), but it requires a lot of extra processing and repetition for a big list of fields, plus it will only work as new fields are discovered that need to be removed.

Possible Solution

Call the function with a list/array of fields so removing them in bulk can be performance optimized.

Steps to Reproduce (for bugs)

N/A

Context

Trying to make the pipeline processing even better :)

Your Environment

N/A

joschi commented 7 years ago

This issue was moved to Graylog2/graylog-plugin-pipeline-processor#156