Observability and Data Analysis Program
OBSDA-658

[RFE] Add custom configuration to vector to Filter and Reduce logs



      1. Proposed title of this feature request
      --> Provide custom configuration to vector to Filter and Reduce logs

      2. What is the nature and description of the request?
      --> Feature Request

      3. Why does the customer need this? (List the business requirements here)
      --> To filter the logs and reduce the amount of logs generated

      4. List any affected packages or components.
      --> Vector, RHOL 5.6+

      ===============================================================
      - Need to enhance the OpenShift version of Vector with:
        1. Filter (filter events based on a set of conditions)
        2. Reduce (collapse multiple log events into a single event based on a set of conditions and merge strategies)

      **Filter:** Filters events based on a set of conditions.

      Given these events: {"log":{"level":"debug","message":"I'm a noisy debug log"}},{"log":{"level":"info","message":"I'm a normal info log"}}

      TOML file example

      ~~~
      [transforms.my_transform_id]
      type = "filter"
      inputs = [ "my-source-or-transform-id" ]
      condition = '.level != "debug"'
      ~~~

      This Vector event is produced: {"log":{"level":"info","message":"I'm a normal info log"}}

      **Reduce:** Collapses multiple log events into a single event based on a set of conditions and merge strategies.

      Given these events: {"log":{"host":"host-1.hostname.com","message":"foobar.rb:6:in /': divided by 0 (ZeroDivisionError)\n from foobar.rb:6:in bar'\n from foobar.rb:2:in foo'\n from foobar.rb:9:in \u003cmain\u003e'","pid":1234,"tid":5678,"timestamp":"2020-10-07T12:33:21.223543Z"}},{"log":{"host":"host-1.hostname.com","message":"Hello world, I am a new log","pid":1234,"tid":5678,"timestamp":"2020-10-07T12:33:22.123528Z"}}

      TOML file example

      ~~~
      [transforms.my_transform_id]
      type = "reduce"
      inputs = [ "my-source-or-transform-id" ]
      group_by = [ "host", "pid", "tid" ]
      starts_when = "match(string!(.message), r'^[^\\s]')"

      [transforms.my_transform_id.merge_strategies]
      message = "concat_newline"
      ~~~
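      As an added illustration (not part of this issue and not Vector's own code), the following Python simulates the semantics of the two transforms above: the filter drops events whose `level` is `debug`, and the reduce groups events by `host`/`pid`/`tid`, opens a new group whenever `message` matches `^[^\s]` (i.e. does not start with whitespace), and merges continuation lines with the `concat_newline` strategy. The sample events are constructed to resemble the ones in this issue; the Ruby stack trace is split into per-line events so that the reduce has something to merge.

```python
import re
from collections import OrderedDict

# Constructed sample events (modelled on the issue's examples, not real Vector output).
FILTER_EVENTS = [
    {"level": "debug", "message": "I'm a noisy debug log"},
    {"level": "info", "message": "I'm a normal info log"},
]
_CTX = {"host": "host-1.hostname.com", "pid": 1234, "tid": 5678}
REDUCE_EVENTS = [
    dict(_CTX, message="foobar.rb:6:in `/': divided by 0 (ZeroDivisionError)"),
    dict(_CTX, message="  from foobar.rb:6:in `bar'"),
    dict(_CTX, message="  from foobar.rb:9:in `<main>'"),
    dict(_CTX, message="Hello world, I am a new log"),
]

def filter_transform(events, condition):
    """type = "filter": keep only the events for which the condition holds."""
    return [e for e in events if condition(e)]

def reduce_transform(events, group_by, starts_when, merge):
    """type = "reduce": accumulate consecutive events per group key; an event
    for which starts_when() is true flushes the open group and begins a new one."""
    open_groups = OrderedDict()  # group key -> event being accumulated
    out = []
    for e in events:
        key = tuple(e.get(field) for field in group_by)
        if starts_when(e) and key in open_groups:
            out.append(open_groups.pop(key))
        if key not in open_groups:
            open_groups[key] = dict(e)  # first event of the group seeds it
        else:
            merge(open_groups[key], e)
    out.extend(open_groups.values())  # flush groups still open at end of input
    return out

def concat_newline(acc, e):
    """merge_strategies.message = "concat_newline"."""
    acc["message"] = acc["message"] + "\n" + e["message"]

def run_filter():
    return filter_transform(FILTER_EVENTS, lambda e: e["level"] != "debug")

def run_reduce():
    starts_when = lambda e: re.match(r"^[^\s]", e["message"]) is not None
    return reduce_transform(REDUCE_EVENTS, ["host", "pid", "tid"],
                            starts_when, concat_newline)
```

      Running `run_reduce()` yields two events: the three stack-trace lines collapsed into one message joined by newlines, followed by the unrelated "Hello world" line as its own event.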

      ========================================================
      Below are some additional details:

      As we know, advanced filtering is not supported; this has already been reported, and an RFE [0] is in progress for it.

      [0] https://issues.redhat.com/browse/OBSDA-228

      This RFE has been raised to enhance the OpenShift version of Vector with:
      1. Filter (filter events based on a set of conditions)
      2. Reduce (collapse multiple log events into a single event based on a set of conditions and merge strategies)
      3. Splunk HEC logs: defining the source type

      [1] https://vector.dev/docs/reference/configuration/transforms/filter/
      [2] https://vector.dev/docs/reference/configuration/transforms/reduce/
      [3] https://vector.dev/docs/reference/configuration/sinks/splunk_hec_logs/#sourcetype


              jamparke@redhat.com Jamie Parker
              rhn-support-pripatil Prithviraj Patil