Log Transforms
Log Transforms modify log events by adding or changing fields as they flow through the ingestion pipeline. Use them to enrich logs with computed values, extract data from nested fields, or add context from lookup tables.
How It Works
- Logs enter the Oodle's ingestion pipeline
- Each transform checks its filter condition (if defined)
- If matched, new / modified fields are merged into the log event
- Transforms apply in sequence order
- Transformed logs are stored with the new / modified fields
Example Walkthrough
In the following video, we walk through how log transforms can be used for fixing missing severity levels in logs.