Edge Delta Custom Processor
3 minute read
Overview
The Custom processor enables you to specify any OTTL statement. This is useful of no other processor offers the function you require, or if you have the statements defined already and want to migrate them.
For detailed instructions on how to use multiprocessors, see Use Multiprocessors.
Configuration
In this example, the session_reason attribute was calculated by converting the session duration from seconds to hours using the Hours function, which converts a given duration into hours. The Format function was then used to construct a descriptive message that incorporates both the username and the calculated inactive hours
- name: Multi Processor
type: sequence
processors:
- type: ottl_transform
metadata: '{"id":"YbVsBDq1jERJV-r8e1i3Z","type":"ottl_transform","name":"Custom"}'
statements: |-
set(cache["inactive_hours"], Hours(Duration(attributes["Duration"])))
set(attributes["session_reason"], Format(" The session for %s has been terminated after %f hours of inactivity", [attributes["user"],cache["inactive_hours"]]))
Options
Select a telemetry type
You can specify, log, metric, trace or all. It is specified using the interface, which generates a YAML list item for you under the data_types parameter. This defines the data item types against which the processor must operate. If data_types is not specified, the default value is all. It is optional.
It is defined in YAML as follows:
- name: multiprocessor
type: sequence
processors:
- type: <processor type>
data_types:
- log
condition
The condition parameter contains a conditional phrase of an OTTL statement. It restricts operation of the processor to only data items where the condition is met. Those data items that do not match the condition are passed without processing. You configure it in the interface and an OTTL condition is generated. It is optional. You can select one of the following operators:
| Operator | Name | Description | Example |
|---|---|---|---|
== |
Equal to | Returns true if both values are exactly the same |
attributes["status"] == "OK" |
!= |
Not equal to | Returns true if the values are not the same |
attributes["level"] != "debug" |
> |
Greater than | Returns true if the left value is greater than the right |
attributes["duration_ms"] > 1000 |
>= |
Greater than or equal | Returns true if the left value is greater than or equal to the right |
attributes["score"] >= 90 |
< |
Less than | Returns true if the left value is less than the right |
attributes["load"] < 0.75 |
<= |
Less than or equal | Returns true if the left value is less than or equal to the right |
attributes["retries"] <= 3 |
matches |
Regex match | Returns true if the string matches a regular expression |
isMatch(attributes["name"], ".*\\.name$" |
It is defined in YAML as follows:
- name: _multiprocessor
type: sequence
processors:
- type: <processor type>
condition: attributes["request"]["path"] == "/json/view"
OTTL Statement
You define the operation of the processor using one or more OTTL statements. This populates the statements parameter in the YAML.
- name: Multiprocessor
type: sequence
processors:
- type: <processor type>
statements: |-
<OTTL statement>
<OTTL statement>
Final
The final parameter specifies whether successfully processed data items should continue to subsequent processors within the same multiprocessor node. Data items that fail to be processed by the processor will be passed to the next processor in the node regardless of this setting. You select the slider in the tool which specifies it for you in the YAML as a Boolean. The default is false and it is optional.
It is defined in YAML as follows:
- name: multiprocessor
type: sequence
processors:
- type: <processor type>
final: true