Description
This unit is a Processor unit.
This unit filters inbound events based on a true/false condition set in the unit properties.
...
After dragging this unit into the Flow canvas, double-click it to access its configuration options. The following table describes the configuration options of this unit:
Tab | Field | Description |
---|---|---|
General | Name | Enter a name for the unit. It must start with a letter, and cannot contain spaces. Only letters, numbers, and underscores are allowed. |
 | Description | Enter a description detailing the scope of the unit. |
 | Language | Specify the language you will use to write the expression in the Predicate, e.g. JavaScript, Groovy, etc. |
 | Predicate | The condition you wish to evaluate. Open the expression editor to type an expression, stating the input fields and the condition you wish to apply to each. |
Input ports
Port | Description |
---|---|
in | All events enter through this port. |
Output ports
Port | Description |
---|---|
out | This port outputs only those events for which the unit's condition is "true". |
discarded | This port outputs only those events for which the unit's condition is "false". |
error | This port outputs events that generated an error when evaluated against the condition. Standard error fields (error, exception) are added to the output events. |
Example
In this example, we want to send events related to a single user in our domain from the siem.logtrust.web.activity table to a new my.app table.
...
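The following is an added illustration, not code from the product or its documentation: a plain-JavaScript model of how the three output ports described above split a stream, using the single-user scenario from the example. The `username` field, the sample events, and the values written to `error` and `exception` are assumptions made for the sketch. It shows that an event missing the tested field ends up on `error`, not on `discarded`, so that port needs a consumer if such events matter.

```javascript
// Added illustration: a plain-JavaScript model of the Filter unit's routing.
// Not product code; field names and sample events are constructed.

// Hypothetical predicate: keep events for one user (assumed field: username).
const predicate = (event) =>
  event.username.toLowerCase() === "alice@example.com";

// Route each event to the port the unit description assigns it.
function filterUnit(events, test) {
  const ports = { out: [], discarded: [], error: [] };
  for (const event of events) {
    try {
      if (test(event)) {
        ports.out.push(event);        // condition is "true"
      } else {
        ports.discarded.push(event);  // condition is "false"
      }
    } catch (e) {
      // Evaluation failed: the event goes to "error" with the two
      // standard fields added (their contents here are assumed).
      ports.error.push({ ...event, error: e.message, exception: e.name });
    }
  }
  return ports;
}

// Constructed sample events.
const sample = [
  { username: "alice@example.com", url: "/login" },
  { username: "Bob@example.com", url: "/search" },
  { url: "/health" }, // no username, so the predicate throws
];

const routed = filterUnit(sample, predicate);
console.log("out:", routed.out.length,
            "discarded:", routed.discarded.length,
            "error:", routed.error.length);
```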