Help Center/ Log Tank Service/ Best Practices/ Log Jobs (Beta)/ Processing Log Data Using DSL Functions/ Scenario 1: Filtering Logs in LTS
Updated on 2025-12-04 GMT+08:00
View PDF
Share

Scenario 1: Filtering Logs in LTS

You can filter logs using the e_if function with the DROP parameter, the e_if_else function with the DROP parameter, the e_drop function, or the e_keep function.

Common rules:

  • e_keep(e_has(...)): retains logs that meet the condition and discards logs that do not meet the condition.
  • e_drop(e_has(...)): discards logs that meet the condition and retains logs that do not meet the condition.
  • e_if_else(e_has("..."), KEEP, DROP): retains logs that meet the condition and discards logs that do not meet the condition.
  • e_if(e_not_has("..."), DROP): discards logs that meet the condition and retains logs that do not meet the condition.

Example:

  • Raw logs 
    [{ //Log 1
"source":  "192.168.0.1",
"client_ip":  "192.168.0.2",
"receive_time":  1587214851,
"topic": "app",
"class": "test_case",
"id":  7892,
"content":  "this is a log test"
},
{ //Log 2
"source":  "192.168.0.1",
"class":  "produce_case",
"id":  7890,
"content":  "this is a log test"
}]
  • Processing rule: discards logs that do not contain the topic or receive_time field. 
    e_if(e_not_has("topic"),e_drop())
e_if(e_not_has("receive_time"),e_drop())
  • Processing result 
    {
source:  192.168.0.1
client_ip:  192.168.0.2
receive_time:  1587214851
topic: app 
class:  test_case
id:  7892
content:  this is a log test
}