Severity Remapper

A Severity Remapper is used to modify or map the severity levels of incoming log events. This allows you to redefine the severity or importance of log messages according to your organizational standards or operational needs.

By adjusting severity levels, the remapper helps you:

  • Gain clearer insights during log analysis
  • Prioritize events based on impact or urgency
  • Align with custom severity classifications

Configuration Steps

To configure a Severity Remapper processor in your log pipeline:

1. Select Processor Type

Choose Severity Remapper from the list of available processors.

2. Name the Processor

Provide a unique and descriptive name for the processor (e.g., ecs-severity-mapper).

3. Set Attribute(s)

You can specify one or multiple attributes separated by commas. For example:

level, severity, logLevel

4. Save the Processor

Click the Create Processor button to save and add the Severity Remapper to your log pipeline.

Category Processor

The Category Processor enables you to create a new attribute with a specific value, based on defined filter conditions.

This is especially useful for logically grouping and organizing log data based on status codes, service names, tags, or any other log property.

Example Scenario :

Create a new attribute called status_label based on HTTP status code ranges:

  • OK → status codes between 200 and 299
  • REDIRECT → status codes between 300 and 399
  • ERROR → status codes between 400 and 499
  • CRITICAL → status codes greater than 500

These categories help in simplifying data analysis and making dashboards more intuitive.

Configuration Steps

To create a category processor:

1. Select Processor Type

Choose Category Processor from the list of available processors.

2. Name the Processor

Provide a unique and descriptive name for the processor (e.g., status-label-mapper).

3. Set Target Attribute

Specify the target attribute where the category value should be stored (e.g., status_label or custom.status.label).

4. Define Categories

For each category:

  • Select one or more filters from the dropdown to match specific events.
  • Assign a value that will be set to the target attribute when the filter condition is met.

5. Save the Processor

Review all added category entries and click the Create Processor button to save and add the Category Processor to your log pipeline.