Understanding Pipeline Exceptions in Grepr

Steve Waterworth
Illustration of Grepr pipeline exceptions showing multiple red log blocks flowing into a routing point with a warning sign, then splitting into paths that lead to a stack of black servers, representing selective exposure of raw logs during incidents.

Teams rely on Grepr to shrink log volume by over 90 percent while keeping every raw event safe in low-cost storage. That reduction makes day to day operations easier, but during an incident you often need to see the exact unaggregated logs that led up to a failure. Pipeline exceptions give engineers that access without changing their setup or interrupting production workflows.

Pipeline exceptions tell a Grepr pipeline to pause aggregation for specific messages and temporarily expose the full raw logs before and after that trigger. Engineers can create these exceptions in the Grepr web dashboard with a few clicks. You choose the trigger, define the scope, and set the time window before and after the trigger where you want unaggregated logs available.

There are two types of exceptions:

  • Static rules match a known pattern at all times. 
  • Dynamic rules activate only when a condition appears in your logs or when triggered by an external API call. 

Most teams use dynamic rules for live incident support since they fire automatically when an error or anomaly shows up.

A dynamic exception based on a log trigger begins with a query. This is the condition that activates the exception. For example, you might want the exception to fire when the payment service logs an error. A query like:

service:rs-payment severity:error

will catch that event. Once the trigger is defined, you add scoping keys. Scoping keys help Grepr build a precise query for data backfill and control which data stops aggregating temporarily. If the error happened on host tuxtop then selecting service and host as the scoping keys gives you a refined query:

service:rs-payment host:tuxtop

This makes the exception focus on the exact instance that produced the error rather than every node running the service. It also ensures that the backfill collects only relevant logs from the same context.

The dashboard guides you through the rest. You pick the time period before and after the trigger where Grepr should surface unaggregated logs. This window gives engineers full visibility into what happened leading up to the event and how the system behaved afterward. The entire setup can be tested in the data explorer to confirm the trigger and scoping logic.

Pipeline exceptions give engineers the best of both worlds. You keep Grepr’s log reduction in place during normal operation, and when trouble hits you can instantly access complete raw logs without reconfiguring tools or pulling data from other systems. That improves incident response, shortens MTTR, and protects service quality.

To see the full process in action, watch the video walkthrough here.

Try Grepr now for free and see how teams cut log noise while keeping every raw event available when it matters.

Share this post

More blog posts

All blog posts
A beige background with a grid of simple black rectangles and red circles connected by arrows, forming many small abstract flow diagrams that each show a different branching or sequence pattern.
Product

APM Signature Sampling: Enabling High-Fidelity Observability

Grepr’s Signature Sampling brings high-fidelity observability to modern systems by capturing every unique execution path without the noise or cost of traditional APM.
November 5, 2025
A minimalist illustration showing disorganized black dots and bar charts on the left flowing into a red cloud icon on the right, which outputs neatly stacked storage icons and rising bar charts, symbolizing Grepr reducing telemetry volume while preserving visibility.
Engineering

What Is an Observability Pipeline (and Why It Matters More Than Ever)

Modern observability generates too much telemetry data and too little insight, and Grepr solves this by providing an intelligent observability platform that automates data processing, routing, and storage to cut costs by over 90% while preserving full visibility.
October 27, 2025
A minimalist illustration on a beige background showing a black government building with a red roof, a rising line graph with red data points leading into a magnifying glass, and a set of black bar chart columns to the right, all symbolizing how regulatory standards influence logging and observability.
Engineering

How DORA Redefines Logging and Observability

Grepr enables financial institutions to stay compliant with DORA by maintaining full log visibility and audit readiness at a fraction of traditional costs.
October 17, 2025

Get started free and see Grepr in action in 20 minutes.

Sign up
HomeFeaturesDocsAboutContact
Privacy PolicyTerms of Use
© 
#
 Grepr. All rights reserved.