The Simple String Filter tests a record to see whether a specified substring occurs at any place within the body of the record. If a positive match is found, then the filter will forward the data to the next element in the pipeline.
If ProcessType is set to SimpleFilter a parent field named SimpleFilterConfiguration must be populated with these Mandatory fields:
|
These optional parameter may also be specified, if desired:
|
Example Simple String Process File
An example of a Process configuration file filtering records with MFSOURCETYPE = SMF070 and sending them to a Process that adds the necessary metadata before they are sent to Splunk.
{
"Name":"smf070simplefilter",
"Id":"7a368ccf-fb3f-4d8a-b26e-a589d0117bbd",
"SimpleFilterConfiguration":{
"SearchString":"\"MFSOURCETYPE\":\"SMF070\"",
“EqualityOperator”:”Equals”
},
"ProcessType":"SimpleFilter"
}