Get Involved
partition
The partition block defines the set of log rows, in a plugin-defined Tailpipe table, that come from a specified source. A given Tailpipe table, like aws_cloudtrail_log, can include multiple partitions that use one or several source types.
Arguments
| Argument | Type | Optional? | Description |
|---|---|---|---|
| filter | String | Optional | A SQL where clause condition to filter log entries. Supports expressions using table columns. |
Examples
You can define a partition that uses the aws_s3_bucket type to collect all the CloudTrail log files from an S3 bucket:
You can use the filter argument to exclude specific log entries with expressions using table columns:
You can use the file_layout argument to scope the set of collected log files using grok patterns. This source block matches only us-east-1 rows.
Another source type, file, enables you to collect from local log files that you've downloaded. This partition collects the flaws.cloud files.