Filter logs from the OTLP, application, and Istio input to control which data your pipeline processes. You can define filters to include or exclude logs based on their source namespace, container, and other attributes.
The following settings filter data by source. For advanced, content-based filtering and transformation, use the OpenTelemetry Transformation Language (OTTL). For details, see Transform and Filter with OTTL.
|
Source |
Granularity |
Behavior without |
Collect from All Namespaces |
Collect from Specific Namespaces |
|---|---|---|---|---|
|
OTLP (default) |
Namespace |
includes system namespaces |
This is the default, no action needed. |
Use the |
|
Application |
Namespace, Container* |
excludes system namespaces |
Add |
Use the |
|
Istio |
Namespace, Workload ( |
n/a |
Apply the Istio |
Apply the Istio |
* The application input provides an additional containers selector that behaves the same way as the namespaces selector.
You can filter incoming OTLP logs by namespace. By default, all system namespaces are included.
These filters only apply to logs that have an associated namespace. The pipeline always collects any logs that do not have a namespace.
The include and exclude filters are mutually exclusive.
-
To collect OTLP logs from specific namespaces, use the
includefilter:... input: otlp: namespaces: include: - namespaceA - namespaceB -
To collect OTLP logs from all namespaces except specific ones, use the
excludefilter:... input: otlp: namespaces: exclude: - namespaceA - namespaceB
You can control which namespaces to collect logs from using include, exclude, and system filters. The include and exclude filters are mutually exclusive.
-
To collect logs from specific namespaces, use the
includefilter:... input: runtime: namespaces: include: - namespaceA - namespaceB -
To collect logs from all namespaces except specific ones, use the
excludefilter:... input: runtime: namespaces: exclude: - namespaceC
By default, application logs from kube-system, istio-system, and kyma-system are excluded. To override this and collect logs from them, set the namespaces attribute to an empty object::
...
input:
runtime:
enabled: true
namespaces: {}
You can also filter logs based on the container name with include and exclude filters. These filters apply in addition to any namespace filters.
The following pipeline collects input from all namespaces excluding kyma-system and only from the istio-proxy containers:
...
input:
runtime:
enabled: true
namespaces:
exclude:
- myNamespace
containers:
exclude:
- myContainer
otlp:
...
To limit logging to a single application within a namespace, configure label-based selection for this workload with a selector in the Istio Telemetry resource.
apiVersion: telemetry.istio.io/v1
kind: Telemetry
metadata:
name: access-config
namespace: $YOUR_NAMESPACE
spec:
selector:
matchLabels:
service.istio.io/canonical-name: $YOUR_LABEL
accessLogging:
- providers:
- name: kyma-logs
To reduce noise and cost, filter your Istio access logs. This is especially useful for filtering out traffic that doesn't use an HTTP-based protocol, as those log entries often lack useful details.
Add a filter expression to the same accessLogging block that you used to enable the logs. The expression uses Envoy attributes to define which log entries to keep.
The following example enables mesh-wide logging but only keeps logs that have a defined request protocol, effectively filtering out most non-HTTP traffic.
apiVersion: telemetry.istio.io/v1
kind: Telemetry
metadata:
name: mesh-default
namespace: istio-system
spec:
accessLogging:
- filter:
expression: 'has(request.protocol)'
providers:
- name: kyma-logs