LOGIQ platform
LOGIQ platform
Home
Logiqctl
Overview
Releases
EULA
End User License Agreement
Log Insights
Quickstart guide
K8S Quickstart guide
AWS Quickstart guide
Ingesting data
Data extraction
Timestamp handling
LOGIQ Monitoring
Configuring Prometheus
Prometheus Data source
JSON Data source
Elasticsearch Data source
Vewing Logs
Terminology
Logs Page
Search Page
Reports
logiqctl
Role-Based Access Control (RBAC)
Configuring RBAC
ANOMALY DETECTION
Events
Event Rules
Alertable Events
Logs to time series event visualization
COMPLIANCE
Audit Trail
LOGIQ STREAMING
Query API
LOGIQ Configuration
E-Mail Configuration
Alert Destinations
Single Sign-On with SAML
Log Ingest configuration
Terminology
Minimal server configuration
Server options
Sources
Destinations
Filters
Groupings
Rules
Credentials
Partitions
RUNNING ON AWS
Getting started
AWS IAM Resources
1-Click deployment using CloudFormation
Powered by GitBook

Rules

Every LOGIQ configuration file must have at least one rule. A rule specifies how the incoming data streams are separated and organized into buckets and objects.

Rules are defined with the "rules" keyword in the config file. All rule definitions must have a "destination" keyword referring to a destination by name. Optionally, a rule may specify a "source" keyword referring to a source by name and a "filter" keyword referring to a filter by name. The config file validator will flag an error for destination, source, filter names that are not found but referenced in a rule definition

rules:
  -
    source: s_webservers
    filter: f_debug
    destination: t_webservers_debug

A minimal rule is defined with just a destination keyword and nothing else. This matches any client sending data and all data packets that are received.

rules:
-
   destination: t_default_bucket

destination [required]

The "destination" keyword specifies the name of a destination where data will be stored. Please refer to the destinations section for more details on how to define a valid destination.

source [optional]

The "source" keyword specifies the name of a source definition to match a sender of the data. This is an optional field. If the source keyword is not specified, all clients that send data to the server are allowed to match against the rule. Please refer to the sources section for more details on how to define a valid source.

filter [optional]

The "filter" keyword specifies the name of a filter definition that is used to specify a filtering rule. The destination is selected if the incoming data stream matches the filter. The filter is applied after the source match is made.

If a filter is not specified, the destination is selected based on the source match or if no source if specified for the destination. Please refer to the filters section for more details on how to define a valid filter.

Log Ingest configuration - Previous
Groupings
Next - Log Ingest configuration
Credentials
Last updated 1 year ago
Edit on GitHub
Contents
destination [required]
source [optional]
filter [optional]