Stage Commands
Stage commands perform operations on a single event, this category of commands are typically the most performant and have the lowest resource requirements.
These commands are executed in parallel and don’t require any synchronisation.
Available Stage Commands
| Command | Description |
|---|---|
eval | Evaluate expressions to create or modify fields |
extract | Extract new fields from existing ones using regex named capture groups |
extractjson | Extract fields from JSON data |
fields | Select or reorder fields from events |
filter | Filter events based on field values |
lookup | Enrich events by joining against external data sources |
match | Match field values against patterns |
rename | Rename fields in events |