filter_out

The negative filter command.

Most common negative filtering examples

1
2
3
| filter_out(_raw_text like '%/vpns/%')
| filter_out(type = 'logout')
| filter_out(last_modified >= now()[-7 day])

Description

  1. Discards records where _raw_text (source raw record text) contains string “/vpns/” or _raw_text is NULL
  2. Discards records where string field type is “logout” or type is NULL
  3. Discards records where timestamp field last_modified is greater then 7 days ago or last_modified is NULL