Closed OverOrion closed 2 weeks ago
@version: 4.8 log { source {stdin(flags(no-parse));}; filterx { declare needle = "bar"; declare path = ""; if (startswith($MSG, "foo", ignorecase=true)) { path = "starts with foo"; } elif (startswith($MSG, needle)) { path = "starts with bar"; } elif (endswith($MSG, "foo", ignorecase=true)) { path = "ends with foo"; } elif (endswith($MSG, needle, ignorecase=true)) { path = "ends with bar"; } else {path = "NOPE";}; }; filterx {vars();}; destination { file("/dev/stdout"); }; };
OverOrion
commented
1 month ago OverOrion
commented
1 month ago