Drop

Control Flow Elastic Compatible

Synopsis

Conditionally stops processing of a document by dropping it from the pipeline.

Schema

drop:
  - if: <script>
  - description: <text>
  - ignore_failure: <boolean>
  - on_failure: <processor[]>
  - on_success: <processor[]>
  - tag: <string>

Configuration

Field	Required	Default	Description
`if`	N	-	Condition that determines whether to drop the document
`description`	N	-	Explanatory note
`ignore_failure`	N	`false`	If `true`, condition evaluation errors are ignored
`on_failure`	N	-	See Handling Failures
`on_success`	N	-	See Handling Success
`tag`	N	-	Identifier

Details

This processor is particularly useful for filtering out unwanted documents based on their content or metadata without raising exceptions.

Common uses are filtering debug logs, excluding health checks, and dropping internal traffic.

warning

Once dropped, a document cannot be recovered by the subsequent processors. Use caution with complex conditions to avoid accidentally dropping important documents.

Examples

Basic Drop

Dropping documents with a specific packet count...	`{ "source": { "packets": 10 } }` `drop: - if: ctx.source.packets == 10`
removes them from the pipeline:	`Document dropped from pipeline`

Multiple Conditions

Specifying multiple criteria...	`{ "user": { "role": "guest", "access_level": 1 } }` `drop: - if: ctx.user.role == 'guest' && ctx.user.access_level < 2 - description: "Drop low-privilege guest access"`
filters out documents that meet the combined conditions:	`Document dropped from pipeline`

Complex Filtering

Using complex conditions...

{
  "http": {
    "request": {
      "method": "GET",
      "path": "/health",
      "source_ip": "10.0.0.1"
    }
  }
}

drop:
  - if: >
      ctx.http?.request?.method == 'GET' &&
      ctx.http.request.path == '/health' &&
      ctx.http.request.source_ip.startsWith('10.')
  - description: "Drop internal health checks"

filters out those traffic patterns:

Document dropped from pipeline

Error Handling

Handling evaluation errors gracefully...	`{ "status": "active" }` `drop: - if: ctx.nonexistent.field == true - ignore_failure: true`
continues the process on errors:	`{ "status": "active", "error": { "message": "failed to evaluate condition" } }`

Synopsis​

Schema​

Configuration​

Details​

Examples​

Basic Drop​

Multiple Conditions​

Complex Filtering​

Error Handling​