Rishit Sheth

Reputation: 11

How to correctly use GCP log exclusion filter

I have created a GCP sink and want to exclude a specific log from GCP log explorer. There is an option called GCP log exclusion filter within GCP sink. I tried using regex and it seems that the query syntax is correct. However, it doesn't exclude that specific log. I would really appreciate it if anyone can help me resolve this issue.

Below is an example log that I want to exclude coming into GCP sink from GCP log explorer.

textPayload: "127.0.0.1 - 07/Mar/2023:14:35:50 +0000 "GET /synergiq-k8s-ready.php" 200"

Basically I want to exclude logs which have resource.type=k8s_container, and textPayload contains GET, POST, 127.0.0.1 with either 200 or 302 code.

I tried using the query below in the exclusion filter, but it's not actually excluding the log.

resource.type=k8s_container AND textPayload=~ ".*127.0.0.1.+ GET.+ (200|302)"

Upvotes: 1

Views: 3550

Answers (1)

ingernet

Reputation: 1534

I'm unclear on what you're actually trying to exclude here. The sample string that you want to filter out is a specific GET. But in the next line, you are broader in your criteria, and then your sample regex is filtering out POSTs, not GETs.

I'm going to go with the broadest criterion:

resource.type=k8s_container AND textPayload=~".*127.0.0.1.*(200|302)"

Alternately,

resource.type=k8s_container AND textPayload=~"127.0.0.1" AND textPayload=~"(200|302)"

Reference

Upvotes: 1
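
Added example (not part of the question or the answer): a local check of the three filters on this page against constructed log lines, using Python's `re` as a stand-in for the RE2 syntax Cloud Logging uses. It shows that the question's pattern misses the sample line because `.+ GET` requires a space directly before `GET` while the line has a `"` there, and that the broad patterns also drop a 500 response whose URL contains `200`. The `tightened` pattern, the entries other than the first, and all function names are assumptions made for this example.

```python
import re

# Constructed entries; the first textPayload is the line quoted in the question.
ENTRIES = [
    ("k8s_container", '127.0.0.1 - 07/Mar/2023:14:35:50 +0000 "GET /synergiq-k8s-ready.php" 200'),
    ("k8s_container", '127.0.0.1 - 07/Mar/2023:14:36:02 +0000 "POST /login.php" 302'),
    ("k8s_container", '127.0.0.1 - 07/Mar/2023:14:36:10 +0000 "GET /report/2005" 500'),
    ("k8s_container", '10.0.0.7 - 07/Mar/2023:14:37:00 +0000 "GET /index.php" 200'),
    ("gce_instance", '127.0.0.1 - 07/Mar/2023:14:38:00 +0000 "GET /index.php" 200'),
]

# Each filter is a list of regexes ANDed together on textPayload.
FILTERS = {
    "question": [r".*127.0.0.1.+ GET.+ (200|302)"],
    "answer_broad": [r".*127.0.0.1.*(200|302)"],
    "answer_split": [r"127.0.0.1", r"(200|302)"],
    # Assumption: a tightened pattern written for this example, anchored to the
    # client address at the start and the status code at the end of the line.
    "tightened": [r'^127\.0\.0\.1 .*"(GET|POST) [^"]*" (200|302)$'],
}


def is_excluded(patterns, resource_type, text_payload):
    """Mimic `resource.type=k8s_container AND textPayload=~p1 AND ...`.

    =~ is an unanchored search, so re.search is the closest equivalent.
    """
    if resource_type != "k8s_container":
        return False
    return all(re.search(p, text_payload) for p in patterns)


def excluded_indexes(name):
    """Indexes of ENTRIES that the named filter would drop from the sink."""
    return [i for i, (rtype, payload) in enumerate(ENTRIES)
            if is_excluded(FILTERS[name], rtype, payload)]


if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name:13} excludes entries {excluded_indexes(name)}")
```

Excluded entries are never routed to the sink's destination, so running a candidate filter over lines you need to keep (errors, non-loopback clients) before deploying it catches over-matching early.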
