Skip to main content

Customizing Behavior

AutoExtract can be disabled on a per-request basis during ingestion by adjusting the following HTTP header values in the API requests made to ingest data:

  • X-No-AutoExtract: Set to 1 to disable AutoExtract and AutoClassify.
  • X-No-Detect-Category: Set to 1 to disable extraction category extraction into the category field.
  • X-No-Detect-Severity: Set to 1 to disable extraction of the severity field from the log text.
  • X-No-Detect-Timestamp: Set to 1 to disable extraction of the timestamp field from any timestamp found in the log text.
  • X-No-Remove-Timestamp-From-Message: Set to 1 to prevent removal of the text of a detected timestamp from the log text.
  • X-No-Unwrap-Raw-Json-In-Message: Set to 1 to disable JSON unwrapping in the log text.
  • X-No-AutoClassify: Set to 1 to disable AutoClassify.
  • X-Pattern-Max-Length: Set this to customize the maximum length of the automatic category set by AutoClassify
  • X-Timezone: Set this to the IANA timezone name (e.g., America/Denver) of the default timezone to use for any timestamps that do not have an explicit timezone offset. The vector.dev template configuration will have logic to automatically pass the local timezone of the vector.dev agent, so normally you should not need to specify this manually.
  • X-Severity-Map: A custom severity mapping to use in addition to standard severity mappings. A list of mappings (key=value) separated by commas to map custom severity values to standard severity values. For example: VeryBad=critical,10=TRACE,20=DEBUG,30=INFO,40=WARN,50=ERROR,60=FATAL