Break
Synopsis
Halts the remaining processors in the current pipeline chain and forwards the log entry to its target without further processing, similar to a break statement in programming languages.
Schema
- break:
description: <text>
if: <script>
ignore_failure: <boolean>
on_failure: <processor[]>
on_success: <processor[]>
tag: <string>
Configuration
The following fields are used to define the processor:
| Field | Required | Default | Description |
|---|---|---|---|
description | N | Explanatory note | |
if | N | Condition to run | |
ignore_failure | N | false | Continue processing if operation fails |
on_failure | N | See Handling Failures | |
on_success | N | See Handling Success | |
tag | N | Identifier |
Details
The break processor stops execution of all remaining processors in the current pipeline chain. The log entry is not dropped — it is forwarded to its configured target as-is, with all field values set up to the point of the break.
This processor has no required fields. When used without an if condition, it unconditionally halts further processing. The most common usage is with an if expression to conditionally exit the pipeline when specific criteria are met.
The break processor is classified as a finalizer: once triggered, the pipeline engine stops processing the current processor list and returns the log entry for delivery.
Examples
Unconditional Break
Halting all further processing unconditionally... | |
Processing stops at break; log entry is forwarded with only the fields set before break... | |
Conditional Break
Stopping processing when packet count matches condition... | |
Pipeline halts when condition is met; expensive enrichment processors are skipped... | |
Break with on_success Notification
Marking the log entry before breaking out of the pipeline... | |
Heartbeat events exit early with the skip marker set; non-heartbeat events proceed to enrichment... | |