The following log has three duplicate pairs: time and @timestamp, level and severity_text, host and hostname. Same values, different names. You’re paying for each twice.
Tero generates a scoped policy for each service where this pattern exists:
Copy
id: remove-redundant-fields-checkout-apiname: Remove redundant fields from checkout-apidescription: Drop duplicate timestamp, level, and host fields when they match their canonical equivalents.log: match: - resource_attribute: service.name exact: checkout-api - or: - log_attribute: time equals_field: "@timestamp" - log_attribute: level equals_field: severity_text - log_attribute: host equals_field: hostname transform: remove: - log_attribute: time - log_attribute: level - log_attribute: host
Want to apply this org-wide? You can expand the scope when you approve to enforce across all services, not just the ones where Tero detected the pattern.
These fields are typically added by agents and collectors, not your application code. Fixing at the source would mean reconfiguring your entire observability stack. It’s simpler to drop them at the edge.
Tero analyzes every log event in your context graph. When two fields contain identical values consistently (exact string matches, timestamps that differ only in format, numeric fields with the same value) they’re flagged as redundant.Fields that are similar but not identical aren’t flagged. If time is UTC and @timestamp is local time, that’s not redundant. Tero only flags true duplicates.
