Level
Synopsis
Extracts log levels from text messages by analyzing common logging patterns.
Schema
level:
- field: <ident>
- target_field: <ident>
- description: <text>
- if: <script>
- ignore_failure: <boolean>
- ignore_missing: <boolean>
- on_failure: <processor[]>
- on_success: <processor[]>
- tag: <string>
Configuration
| Field | Required | Default | Description |
|---|---|---|---|
field | Y | - | Field containing the message to analyze |
target_field | N | field | Field to store extracted log level |
description | N | - | Documentation note |
if | N | - | Condition to run |
ignore_failure | N | false | See Handling Failures |
ignore_missing | N | false | If true, skip if field doesn't exist |
on_failure | N | - | See Handling Failures |
on_success | N | - | See Handling Success |
tag | N | - | Identifier |
Details
The processor detects five log levels: critical, error, warning, info, and debug. It supports multiple logging formats including standard text levels, Google's Glog format, and Redis log formats.
The processor examines only the first few fields of messages and truncates very long messages for efficient processing. Log level detection is case-insensitive and handles common variations and abbreviations.
Non-string input fields will cause processing errors unless ignore_failure is enabled. When no recognized log level is found, the level is set to "unknown".
Examples
Basic
Extracting the level from a log message... | |
grabs the level: | |
Store Level
Storing the level in a separate field... | |
preserves the original message: | |
Glog Format
Processing a Glog-formatted message... | |
detects the Glog error level: | |
Error Handling
Handling parsing failures gracefully... | |
adds error tag and continues execution: | |