Leona
GitHubBlogs
  • Welcome to Leona!
  • Installation
    • Docker
    • Manual Setup
    • Log Collection
  • Tutorial
    • Quickstart
  • Configuration
    • Server Conf
    • Web Interface
    • Multi-Nodes
    • Index Model
    • Backup
    • The REST APIs
  • Security
    • Using ModSecurity
    • Logging User Activity
    • The URL Whitelist
    • Alerts And Events
  • Getting in
    • Log Sources
      • GELF
      • Beats
      • Ingest Logs Manually
        • Syslog
        • Journald
        • CEF
        • Raw or Plaintext
        • From Files
        • HTTP API
        • Application Data
      • Input
    • Sidecar
    • Forwarder
      • Forward Installation
      • Forward Configuration
  • Making sense
    • Pipelines
      • Rules
      • Functions
      • Use Cases
    • Streams
    • Enrichment
      • Lookup Tables
      • Geolocation
      • Data Adapters
  • Alerts & Notifications
    • Alerting By Example
    • Notifications
    • Leona Dashboard
  • Searching
    • Search Query Language
    • Time Frame Selector
  • Appendix
    • Support
    • License
    • Ecosystem
    • Contribute
    • Change Log
    • FAQs
Powered by GitBook
On this page
  1. Making sense
  2. Pipelines

Rules

PreviousPipelinesNextFunctions

Last updated 2 years ago

Rules are the cornerstone of processing pipelines. They contain the logic about how to change, enrich, route, and drop messages.

To avoid the complexities of a complete programming language, leona supports a small rule language to express processing logic. The rule language is intentionally limited to allow for easier understanding, faster learning, and better runtime optimization.

The real work of rules is done in functions, which are completely pluggable. Leona already ships with a great number of built-in functions, providing data conversion, string manipulation, data retrieval using , JSON parsing, and much more.

We expect that special purpose functions will be written and shared by the community, enabling faster innovation and problem-solving than previously possible.

lookup tables