Route

Pass logs to a specific path.

  2 minute read  

Overview

The Route node passes logs to a specific path depending on a condition it evaluates. The path is connected to a specific output using the Pipeline Builder or by adding a path parameter to the links section in the YAML configuration. There is a default unmatched path that can route all remaining unmatched logs to a particular downstream node. If this is not specified the unmatched logs are not routed downstream. This is specified using the Pipeline Builder or by adding an unmatched path to the links section in the configuration YAML.

Example Configuration

- name: item_router
  type: route
  paths:
  - path: "pre-splunk"
    condition: regex_match(item["body"], "(?i)ERROR") 
  - path: "ns=edgedelta"
    condition: item["resource"]["k8s.namespace.name"] == "edgedelta"

links:
- from: source_node
  to: item_router
- from: item_router
  path: pre-splunk
  to: next_node1
- from: item_router
  path: ns=edgedelta
  to: next_node2    
- from: route
  path: unmatched
  to: other_output

Required Parameters

name

A descriptive name for the node. This is the name that will appear in Visual Pipelines and you can reference this node in the yaml using the name. It must be unique across all nodes. It is a yaml list element so it begins with a - and a space followed by the string. It is a required parameter for all nodes.

nodes:
  - name: <node name>
    type: <node type>

type: route

The type parameter specifies the type of node being configured. It is specified as a string from a closed list of node types. It is a required parameter.

nodes:
  - name: <node name>
    type: <node type>

paths

The paths parameter defines the paths and their expressions for matching logs. At least one path is required.

  • path is the name of the sub-path. This name is referenced with the path parameter in the links section
  • condition is a condition to evaluate if the log item should be sent to this path. The format is Common Expression Language (CEL) and you can use CEL macros.
- name: <node name>
  type: route
  paths:
  - path: "pre_elastic"
    condition: regex_match(item["body"], "(?i)ERROR") 
  - path: "ns=edgedelta"
    condition: item["resource"]["k8s.namespace.name"] == "edgedelta"

Optional parameters

exit_if_matched

The exit_if_matched parameter stops evaluation of further paths if a log matches the parent path. It is specified as a Boolean and the default is false. It is optional.

- name: <node name>
  type: route
  paths:
  - path: "<path name>"
    condition: <matching condition expression> 
    exit_if_matched: true
  - path: "<path name>"
    condition: <matching condition expression>