The severity_parser operator sets the severity on an entry by parsing a value from the record.
| Field | Default | Description |
|---|---|---|
id |
required | A unique identifier for the operator |
output |
required | The id for the operator to send parsed entries to |
parse_from |
required | A field that indicates the field to be parsed as JSON |
preserve_to |
Preserves the unparsed value at the specified field | |
on_error |
send |
The behavior of the operator if it encounters an error. See on_error |
preset |
default |
A predefined set of values that should be interpreted at specific severity levels |
mapping |
A formatted set of values that should be interpreted as severity levels. | |
if |
An expression that, when set, will be evaluated to determine whether this operator should be used for the given entry. This allows you to do easy conditional parsing without branching logic with routers. |
Several detailed examples are available here.