replace_match
Learn about the replace_match OTTL editor function.
less than a minute
The replace_match function is used to replace entire strings when they match a specified glob pattern. It simplifies transforming telemetry data by matching exact pattern formats and substituting them with desired strings.
Syntax: replace_match(target, pattern, replacement, function, ReplacementFormat)
- Target: A path expression to a telemetry field that needs to be checked against the pattern.
- Pattern: A filepath match string, which defines the criteria for a match.
- Replacement: The string or path expression to a string telemetry field that will replace any match.
- Function: (Optional) An optional converter function that applies to the replacement string, allowing customization like hashing.
- ReplacementFormat: (Optional) Specifies the formatting pattern for the replacement, demanding exactly one
%splaceholder for its content.
Input
{
"_type": "log",
"body": "...",
"resource": {
"ed.conf.id": "123456789",
"ed.org.id": "987654321",
"ed.tag": "ed-dev-alb-logs-v3",
"host.ip": "10.151.135.237",
"host.name": "default-deployment-5c69f64d9-78wvm",
"messaging.system": "s3_sqs",
"service.name": "s3-sqs-s3_input",
"src_type": "s3_sqs"
},
"timestamp": 1730511053177
}
Statement
replace_match(resource["host.name"], "default-deployment-*", "anonymized-host")
Output
{
"_type": "log",
"body": "...",
"resource": {
"ed.conf.id": "123456789",
"ed.org.id": "987654321",
"ed.tag": "ed-dev-alb-logs-v3",
"host.ip": "10.151.135.237",
"host.name": "anonymized-host",
"messaging.system": "s3_sqs",
"service.name": "s3-sqs-s3_input",
"src_type": "s3_sqs"
},
"timestamp": 1730511053177
}
In this example, the host.name in the resource object matches the pattern "default-deployment-*" and is replaced with "anonymized-host", effectively anonymizing the host’s identity within logs.