Event operation functions

Last Updated：2025-11-14

Introduction

Functions for processing a single line of logs, including filtering, distribution, splitting, etc.

Discard logs that meet the conditions.

e_drop(condition)

Parameter name	Parameter description	Parameter type	Required or not	Parameter default	Parameter range
Condition	A function expression with a value of bool type	Bool	Yes	-	-

Original log:

[
    {
        "field": "a,b,c",
        "status": "500"
    },
    {
        "field": "a,b,c",
        "status": "200"
    }
]

Processing rules:

e_drop(v("status")=="500")

Processing results:

[
    {
        "field": "a,b,c",
        "status": "200"
    }
]

Retain logs that meet the conditions.

e_keep(condition)

Parameter name	Parameter description	Parameter type	Required or not	Parameter default	Parameter range
Condition	A function expression with a value of bool type	Bool	Yes	-	-

Original log:

[
    {
        "field": "a,b,c",
        "status": "500"
    },
    {
        "field": "a,b,c",
        "status": "200"
    }
]

Processing rules:

e_keep(v("status")=="500")

Processing results:

[
    {
        "field": "a,b,c",
        "status": "500"
    }
]