dropEvent( ) Query Function

This is a filter that lets you completely drop an event in the parser pipeline to stop them from being ingested. Don’t apply this in a query, though. Use a plain filter instead.


Takes no parameters.


Prevent all events matching a particular field value from being ingested.

parseJson() | case { someField = "some_value" | dropEvent(); * } | parseTimestamp(field=@timestamp)