parser
filter plugin "parses" string field in event records and mutates its event record with the parsed result.filter_parser
uses built-in parser plugins and your own customized parser plugin, so you can reuse the predefined formats like apache2
, json
, etc. See Parser Plugin Overview for more details<parse>
Sectionkey_name
reserve_time
time
field (1622473200
) is reserved as event time (2021-06-01 00:00:00.000000000 +0900
).reserve_time
, the result is:time
field is discarded.reserve_data
reserve_data
, the result is:key_name
field when parsing is succeeded.replace_invalid_sequence
false
true
, invalid string is replaced with safe characters and re-parse it.inject_key_prefix
hash_value_field
emit_invalid_record_to_error
@ERROR
label. Invalid cases are:@ERROR
label.false
.suppress_parse_error_log
is missing. What are the alternatives?parser
filter does not support suppress_parse_error_log
parameter because parser
filter uses the @ERROR
feature instead of internal logging to rescue invalid records. If you want to simply ignore invalid records, set emit_invalid_record_to_error false
.emit_invalid_record_to_error
parameter.