A condition is a boolean expression that you can specify in your agent policy to control whether a configuration is applied to the running {agent}. You can set a condition on inputs, streams, or even processors.
In this example, the input is applied if the host platform is Linux:
inputs:
- id: unique-logfile-id
type: logfile
streams:
- paths:
- /var/log/syslog
condition: ${host.platform} == 'linux'In this example, the stream is applied if the host platform is not Windows:
inputs:
- id: unique-system-metrics-id
type: system/metrics
streams:
- metricset: load
data_stream.dataset: system.cpu
condition: ${host.platform} != 'windows'In this example, the processor is applied if the host platform is not Windows:
inputs:
- id: unique-system-metrics-id
type: system/metrics
streams:
- metricset: load
data_stream.dataset: system.cpu
processors:
- add_fields:
fields:
platform: ${host.platform}
to: host
condition: ${host.platform} != 'windows'The conditions supported by {agent} are based on {ref}/eql-syntax.html[EQL]'s boolean syntax, but add support for variables from providers and functions to manipulate the values.
Supported operators:
-
Full PEMDAS math support for
+ - * / %. -
Relational operators
< ⇐ >= > == != -
Logical operators
andandor
Functions:
Types:
-
Booleans
trueandfalse
Run only when a specific label is included.
arrayContains(${docker.labels}, 'monitor')Skip on Linux platform or macOS.
${host.platform} != "linux" and ${host.platform} != "darwin"Run only for specific labels.
arrayContains(${docker.labels}, 'monitor') or arrayContains(${docker.label}, 'production')