The filter element in the input configuration contains a list of filter descriptions, each describing one filter applied on an input.

The general elements in the JSON are the following:

| Field | Description | Default |
|---|---|---|
| filter | The type of the filter; currently grok, keyvalue and json are supported | - |
| conditions | The conditions of which input to filter | - |
| sort_order | Describes the order in which the filters should be applied | - |
| source_field | The source of the filter, must be set for keyvalue filters | log_message |
| remove_source_field | Remove the source field after the filter is applied | false |
| post_map_values | Mappings done after the filtering provided its result, see post map values | - |
| is_enabled | A flag to show if the filter should be used | true |

Grok Filter

Grok filters have the following additional parameters:

| Field | Description | Default |
|---|---|---|
| log4j_format | The log4j pattern of the log; not used, it is only there for documentation | - |
| multiline_pattern | The grok pattern that shows that the line is not a log line on its own but part of a multi-line entry | - |
| message_pattern | The grok pattern to use to parse the log entry | - |

Key-value Filter

value_borders is only used if it is specified, and value_split is not.

Key-value filters have the following additional parameters:

| Field | Description | Default |
|---|---|---|
| field_split | The string that splits the key-value pairs | "\t" |
| value_split | The string that separates keys from values | "=" |
| value_borders | The borders around the value, must be 2 characters long, first before it, second after it | - |
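
The following Python sketch is an added example, not the project's own code: it is one interpretation of how the key-value parameters above interact, including the rule that value_borders only applies when value_split is not specified. The function name, the sample audit line, the choice to take the first opening and last closing border character, and the skipping of malformed tokens are all assumptions.

```python
def apply_keyvalue_filter(event, descriptor):
    """Return a copy of `event` with parsed key-value pairs added as fields."""
    if descriptor.get("filter") != "keyvalue":
        raise ValueError("not a keyvalue filter description")
    if not descriptor.get("is_enabled", True):        # is_enabled defaults to true
        return dict(event)
    if "source_field" not in descriptor:
        raise ValueError("source_field must be set for keyvalue filters")
    source = descriptor["source_field"]
    field_split = descriptor.get("field_split", "\t")
    value_split = descriptor.get("value_split")       # None means "not specified"
    borders = descriptor.get("value_borders")
    # value_borders is only used if it is specified and value_split is not.
    use_borders = borders is not None and value_split is None
    if use_borders and len(borders) != 2:
        raise ValueError("value_borders must be 2 characters long")
    if value_split is None:
        value_split = "="                             # documented default

    out = dict(event)
    for token in str(event.get(source, "")).split(field_split):
        if use_borders:
            # Assumption: first opening and last closing border delimit the value.
            start, end = token.find(borders[0]), token.rfind(borders[1])
            if start < 1 or end <= start:
                continue                              # no key or no bordered value
            key, value = token[:start], token[start + 1:end]
        else:
            key, sep, value = token.partition(value_split)
            if not sep or not key:
                continue                              # token without a separator
        out[key.strip()] = value
    if descriptor.get("remove_source_field", False):  # defaults to false
        out.pop(source, None)
    return out


# Constructed sample input: an audit-style line using "()" around values.
AUDIT_EVENT = {"log_message": "User(admin), RemoteIp(192.0.2.10), Operation(Request(GET))"}
BORDER_FILTER = {"filter": "keyvalue", "source_field": "log_message",
                 "field_split": ", ", "value_borders": "()",
                 "remove_source_field": True}
# Both options given: value_split wins and the borders stay part of the value.
SPLIT_FILTER = {"filter": "keyvalue", "source_field": "log_message",
                "value_split": "=", "value_borders": "()"}

if __name__ == "__main__":
    print(apply_keyvalue_filter(AUDIT_EVENT, BORDER_FILTER))
    print(apply_keyvalue_filter({"log_message": "a=1\tb=(2)"}, SPLIT_FILTER))
```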