
Metrics Include and Exclude Rules

You can use metrics processing rules to specify which metrics a metrics source sends to Sumo Logic.

This page describes metrics include and exclude processing rules, which you can apply to a metrics source to control which metrics are sent to Sumo Logic.

  • An exclude rule functions as a denylist filter where the matching data is not sent to Sumo Logic.
  • An include rule functions as an allowlist filter where only matching data is sent to Sumo Logic.

As a best practice, specify these rules to match the lesser volume of data.

  • If you want to collect the majority of data from the Source's path, provide exclude rules to match (filter out) the lesser volume of data.
  • If you want to collect a small set of data from the Source's path, provide include rules to match (filter in) the lesser volume of data.

You configure metrics processing rules on the Collection > Collectors and Sources > Edit Source page for a metrics source. There are two rule types for metrics: Exclude metrics that match and Include metrics that match.


Exclude metrics example

Assume you have a CPU_Usage metric with this structure:

Name: CPU_Usage
Dimension: {cluster:receiver, _sourceCategory:receiver}
Metadata: {service:payment, env:dev}

You can filter CPU_Usage data points by dimensions, metadata, or both. For example, to prevent ingestion of CPU_Usage metrics for which service=payment, use a filter like:

^CPU_Usage.*service=payment.* 

Include metrics example

Assume the CPU_Usage metric described above. 

To configure a source to only send CPU_Usage metrics for which env=prod, use a filter like:

^CPU_Usage.*env=prod.*
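
The following is an added example, not Sumo Logic code: it runs the two filters above over a few constructed data points to show which ones each rule still forwards, and how the unanchored `.*` also catches `CPU_Usage_Idle` and `service=payment-gateway`, which matters when an exclude rule silently drops telemetry you rely on. It assumes each data point is matched as a single string of the form `<name> key=value ...`, which this page does not specify; the `flatten` and `sent` helpers and the tightened third pattern are hypothetical.

```python
import re

# Constructed sample data points: (name, dimensions, metadata).
# p1 is the CPU_Usage metric from the page; the others are made up.
DIMS = {"cluster": "receiver", "_sourceCategory": "receiver"}
POINTS = {
    "p1": ("CPU_Usage", DIMS, {"service": "payment", "env": "dev"}),
    "p2": ("CPU_Usage", DIMS, {"service": "payment-gateway", "env": "prod"}),
    "p3": ("CPU_Usage", DIMS, {"service": "search", "env": "prod"}),
    "p4": ("CPU_Usage_Idle", DIMS, {"service": "payment", "env": "dev"}),
    "p5": ("Mem_Usage", DIMS, {"service": "payment", "env": "prod"}),
}


def flatten(name, dimensions, metadata):
    # Assumed form the filter is matched against: "<name> key=value ..."
    pairs = list(dimensions.items()) + list(metadata.items())
    return name + " " + " ".join(f"{k}={v}" for k, v in pairs)


def sent(rule_type, pattern):
    """Return the labels of the points still forwarded under one rule."""
    rx = re.compile(pattern)
    kept = []
    for label, point in POINTS.items():
        matched = rx.search(flatten(*point)) is not None
        # exclude: matching data is dropped; include: only matching data is sent
        if matched == (rule_type == "include"):
            kept.append(label)
    return kept


if __name__ == "__main__":
    # Filters from the page
    print(sent("exclude", r"^CPU_Usage.*service=payment.*"))
    print(sent("include", r"^CPU_Usage.*env=prod.*"))
    # Hypothetical tightened exclude: exact metric name and exact service value
    print(sent("exclude", r"^CPU_Usage\s.*\bservice=payment(\s|$)"))
```
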