Is it possible to remove empty attributes when they are created through a regex parser? I am pulling in my firewall logs through a udplog receiver. I am running a regex_parser on that receiver to extract and tag information from the log (like src_ip, protocol, etc.). That regex is capturing a lot of optional groups that are not present in all logs. For example, if it's an https connection the log will list a tls_version, but if it's an http connection that field isn't there. But it seems all capture groups are being added to all of the logs as attributes, though most of them are empty. Is there a way to not add those empty attributes?
I guess this isn't necessarily specific to a regex processor. I just want to know if there's an easy way to remove attributes with empty values.
I figured out how to delete one specific attribute if it is empty, by using the following processor:
processors:
  attributes/delempty:
    include:
      match_type: regexp
      attributes:
        - key: "action"
          value: '^$'
    actions:
      - key: "action"
        action: delete
The trouble is that if I try to include more than one attribute key under `attributes:` then all of those have to match. Which means that if I listed every attribute I want to delete if it is empty, it will only delete the attributes if all of the attributes are empty. And it seems I can't use a regex the `attributes:` key...
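
One way to get per-attribute behaviour, shown as an added example that is not part of the original post: the transform processor evaluates each OTTL statement on its own, so each key is deleted only when its own value is empty. It assumes the collector build includes the contrib transform processor; `action` and `tls_version` are the attribute names mentioned in the post, and the instance name `transform/delempty` is made up here.

```yaml
processors:
  # Assumption: the transform processor (opentelemetry-collector-contrib) is
  # part of this collector build. The instance name is illustrative.
  transform/delempty:
    # Log and skip a statement that fails instead of dropping the record.
    error_mode: ignore
    log_statements:
      - context: log
        statements:
          # Each statement has its own `where` condition, so an empty
          # tls_version is removed even when action is populated, and the
          # other way round. A missing key compares unequal to "" and is
          # left alone.
          - delete_key(attributes, "action") where attributes["action"] == ""
          - delete_key(attributes, "tls_version") where attributes["tls_version"] == ""
          # Add one line per optional capture group of the regex_parser.
```

The processor takes effect once `transform/delempty` is listed under `processors:` in the logs pipeline that contains the udplog receiver.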