Drop Logs

Overview

Filter out noisy, irrelevant, or non-critical logs at ingestion. By dropping logs at the sensor level, before they're sent to storage, you can significantly reduce costs while focusing on the logs that matter most.

Why Drop Logs?

Not all logs provide equal value. Dropping logs allows you to:

  • Reduce data volume and storage costs by filtering out noise

  • Focus on critical information without distractions

  • Improve query performance by reducing the dataset size

  • Save on storage costs since logs are dropped at the sensor


How Log Dropping Works

To drop a log, you define a condition (e.g., log message content, container name, log level) and use a set(drop, true) statement. If the condition matches, the log is dropped before ingestion.

Key Concepts:

  • drop - A reserved field. If set to true, the log is filtered out

  • where - Used to specify when the dropping should apply

  • IsMatch() - A function for matching regex or substrings within fields

Best Practices

  1. Be specific with conditions - Use precise conditions to avoid accidentally dropping important logs

  2. Test before deploying - Use the Parsing Playground to verify your drop rules

  3. Start conservative - Begin by dropping obvious noise, then expand gradually

  4. Monitor the impact - Track how many logs are being dropped and adjust as needed

  5. Document your rules - Use clear ruleName values to explain what each rule does

  6. Consider performance - Dropping logs early saves processing, networking, and storage costs

  7. Avoid dropping errors - Unless absolutely necessary, preserve error and warning logs
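A dry run of practices 1, 2, 4 and 7 over constructed sample logs, as an added example that is not groundcover's own code or rule syntax. It assumes IsMatch() behaves like an unanchored regex search (emulated here with Python's re.search); the rule names, field names and log lines are hypothetical.

```python
import re
from collections import Counter

PROTECTED_LEVELS = {"error", "warning"}  # levels the page says to preserve

# A rule is (name, {field: regex}); every listed field must match (logical AND).
# Broad rule: any body containing "/healthz", from any container, at any level.
BROAD_RULES = [("drop-healthz", {"body": r"/healthz"})]
# Narrow rule: only successful health checks served by the nginx container.
NARROW_RULES = [("drop-healthz-ok",
                 {"container": r"^nginx$", "body": r"GET /healthz 2\d\d\b"})]

# Constructed sample logs, not real traffic.
SAMPLE_LOGS = [
    {"level": "info", "container": "nginx", "body": "GET /healthz 200"},
    {"level": "info", "container": "nginx", "body": "GET /healthz 200"},
    {"level": "error", "container": "nginx",
     "body": "GET /healthz 503 upstream timed out"},
    {"level": "info", "container": "api", "body": "POST /login 401"},
    {"level": "warning", "container": "worker",
     "body": "probe to http://api/healthz failed"},
]

def matches(log, conditions):
    """True when every field named in the rule matches its regex."""
    return all(re.search(p, str(log.get(f, ""))) for f, p in conditions.items())

def dry_run(logs, rules):
    """Evaluate rules without deleting anything; report what would be dropped."""
    dropped, flagged, kept = Counter(), [], []
    for log in logs:
        hit = next((name for name, cond in rules if matches(log, cond)), None)
        if hit is None:
            kept.append(log)
            continue
        dropped[hit] += 1                       # per-rule drop count (practice 4)
        if log["level"] in PROTECTED_LEVELS:    # error/warning lost (practice 7)
            flagged.append((hit, log["body"]))
    return dict(dropped), flagged, kept

if __name__ == "__main__":
    for label, rules in (("broad", BROAD_RULES), ("narrow", NARROW_RULES)):
        dropped, flagged, kept = dry_run(SAMPLE_LOGS, rules)
        print(label, "dropped:", dropped, "kept:", len(kept))
        for rule, body in flagged:
            print("  WARNING:", rule, "would drop protected log:", body)
```

The broad rule silently removes a failing health check and a worker warning; the narrow rule drops only the two successful checks, so the failure signal still reaches storage.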

Common Use Cases

Drop Health Check Logs

Health check endpoints often generate high-volume, low-value logs.

💡 What it does: Filters out logs with requests to the /healthz endpoint from nginx containers.

Drop Debug Logs from Specific Services

Development or verbose logging can overwhelm production logs.

💡 What it does: Filters out debug logs from the groundcover-demo service.

Drop Logs Based on Multiple Patterns

Filter out various monitoring and internal checks.

💡 What it does: Drops logs containing metrics, readiness, or liveness probe requests in production.

Drop Logs by Status Code

Filter out successful requests to focus on errors.

💡 What it does: Drops logs with 2xx status codes from the API gateway to focus on errors and unusual behavior.

Drop Logs from Test Environments

Reduce noise from non-production environments.

💡 What it does: Drops all logs from test and staging namespaces.

Conditional Dropping with Complex Logic

Combine multiple conditions for fine-grained control.

💡 What it does: Drops info-level "job completed" messages and all debug logs from background workers.

Key Functions

set(drop, true)

Marks a log for dropping. Can be used with or without conditions.

IsMatch()

Checks if a field matches a regex pattern or substring.

Combining Conditions

Use logical operators to create complex filtering rules.
