Mezmo allows you to filter out logs that you don’t need to store, both to help keep costs low and make searching through logs easier. You can filter out logs by sources, by apps, or by specific queries — these logs will not count towards your usage and will not be stored in Elasticsearch.
Note: Any Admin or member can create exclusion rules and they can add as many rules as needed. Exclusion rules take a few mins to go live and start filtering out your unneeded logs.
Warning: All data that is matched by an exclusion rule will not be saved. If your exclusion rules are too robust, you might lose data that you need.
Step 1: Go to Settings > Usage > Exclusion Rules
Step 2: On the Manage Usage page, click “Add Rule”
Step 3: Define a new exclusion rule
Give this rule a title for reference.
Define sources, apps and queries where matching log lines will not be stored in elasticsearch and will not be counted towards your usage.
During the creation of a new exclusion rule, you can check a box to “preserve these lines for live-tail and alerting”.
- If checked, matching logs will first come through live tail and be checked for alerts but will not be stored in elasticsearch and will not be counted towards your usage.
Before saving your exclusion rule, create a view with the same query to ensure the logs are representative of data you would like to exclude.
While saving your exclusion rule, if you do not check the box to “preserve these lines for live-tail and alerting”, then you can check back on the saved view and see if any more logs are rolling in.
If you do check the box to “preserve these lines for live-tail and alerting”, then you may want to monitor the usage coming in from particular apps and sources related to the rule.
Updated over 1 year ago