I want to drop full record by searching a key using interceptor in flume is that possible to drop full record in flume?
For example in my log i have record like : (this record in pagenotfound.php) by searching pagenotfound.php this keyword i want to drop that full record is that possible ?
Thanks in advance
It would appear you can "chain" them by putting the interceptors that are desired in a list in the order you want them applied. I have never personally done it, so I can't say for sure. Hope this helps!
"Flume supports chaining of interceptors. This is made possible through by specifying the list of interceptor builder class names in the configuration. Interceptors are specified as a whitespace separated list in the source configuration. The order in which the interceptors are specified is the order in which they are invoked. The list of events returned by one interceptor is passed to the next interceptor in the chain."
Thanks a lot for replying, As you said i read that but i didn't get this thing
This is made possible through by specifying the list of interceptor builder class names in the configuration
as you said i want to define interceptors names like interceptor 1 and interceptor 2 this what you saying right.
guessing like this: (assuming you want search-replace to be applied first, regex second)
agent.sources.localsource.interceptors = search-replace regex
agent.sources.localsource.interceptors.search-replace.type = search_replace
agent.sources.localsource.interceptors.regex.type = regex_filter