[draft] Feature: match_fields v2

[vadimalekseev]

match_fields allows us to selectively apply Actions. But the current implementation of match_fields does not allow us to do things like empty string checking, object type checking, etc.

We have two ways: write own query language or describe it in config.

The new API will look like this:

pipelines:
  k8s:
    actions:
      - type: 'modify'
        service: 'unknown'
        do_if:
          - cond: 'equal'
            field: 'service'
            value: null
            or: # TODO: same is a new condition?
              - cond: 'equal'
                # field: 'service' -- 'field' was inherited from the parent
                value: ''

      - type: 'modify'
        message: 'Invalid message'
        do_if:
          - cond: 'type_equal'
            field: 'message'
            invert: true
            value: 'string'

      - type: 'modify'
        level: 'unknown'
        do_if:
          - cond: 'equal'
            field: 'level'
            value: null
          - cond: 'equal'
            field: 'level'
            value: ''

      - type: 'throttle'
        do_if:
          - cond: 'equal'
            field: 'service'
            value: 'unknown'
            and:
              - cond: 'prefix'
                invert: true
                field: 'level'
                value: 'err'
              - cond: 'in'
                invert: true
                field: 'level'
                value: ['panic', null, 'warn']

      - type: 'modify'
        important_event: true
        do_if:
          cond: 'equal'
          invert: true
          field: 'service'
          value: 'unknown'
          and:
            cond: 'in'
            field: 'level'
            value: [ 'error', 'warn' ]

It looks wordy than creating own language, but greatly simplifies the implementation. I’ll explore alternative solutions.