Question about log_type in the drop_filter resource

[xocasdashdash]

I'm looking to create a module and i'm wondering if there's any significant difference between setting a log_type on the drop_filter or just forcing users to have to pass this as just another filter (type=XX).

I know it's more convenient but I'm thinking that maybe users don't need to be aware of the distinction and can just use the common API

[Doron-Bargo]

Hi @xocasdashdash not sure i understand your use case here
As a best practice we recommend users to use log_type in their logs so they can enjoy our prebuilt parsing and identified their logs
Since the log_type is optional you dont need to enforce customers to use this field but its highly recommended to using to make sure you drop only the data you really want to drop

[xocasdashdash]

yeah, the question is mostly if we can do the same thing we do with setting the log_type as part of the filters. I'm assuming log_type is just another attribute

[8naama]

Hey @xocasdashdash! Apologies for the delayed response!

Yes indeedlog_type is just another filter attribute (it has it's own field because of drop filter API structure).

If you want to pass it as a regular filter instead of under log_type, you can use the below (you also don't have to pass it at all if you want it more general):

  field_conditions {
    field_name = "type"
    value = "<<type_value>>"
  }