Log exclusion filtering

SolarWinds Observability can exclude incoming log messages based on a filter of one or more strings or regular expressions. Logs that match the filter are not brought into SolarWinds Observability. Filters can be global to all logs or restricted to specific log sources.

You can configure your client or application to send only a subset of your log events. Log filter exclusions are applied based on the logs that are sent to SolarWinds Observability and independent of any filter set for your client or application.

Set up a log exclusion filter

1. Click Settings > Logs > Log Exclusion Filters.

2. Click Create Exclusion Filter.

3. On the Edit Filter screen:

   1. Add a name for the filter (required) and optional description.

   2. Select whether the filter should apply to All Logs or just Specific Sources.

      If selecting Specific Sources, select an API token. The log exclusion filter applies only to the logs that are ingested using the selected token.

   3. Define a rule for SolarWinds Observability to match when rejecting logs. Select the type of expression (regular expression or string), and then enter an expression in the Rule Expression field.

      To define a rule for SolarWinds Observability to match when rejecting logs, use a regex pattern compatible with a POSIX regex engine.

      The Debuggex PCRE Regex Cheatsheet may be useful in writing expressions. Lookaround expression elements are not supported, so try writing an alternative regex, alterning log configuration, or adding identifiable content to the problem messages to meet your pattern-matching goal.

      To add more rules, click Add Rule and repeat this step.

4. Click Save to save the exclusion filter.