Match

Match filters can be used to select the log records to process. These filters have the same options and syntax as the syslog-ng flow match expressions.

  filters:
  - match:
      or:
      - regexp:
          value: json.kubernetes.labels.app.kubernetes.io/name
          pattern: apache
          type: string
      - regexp:
          value: json.kubernetes.labels.app.kubernetes.io/name
          pattern: nginx
          type: string

Configuration

MatchExpr

and ([]MatchExpr, optional)

Default: -

not (*MatchExpr, optional)

Default: -

regexp (*RegexpMatchExpr, optional)

Regexp Directive

Default: -

or ([]MatchExpr, optional)

Default: -

Regexp Directive

Specify filtering rule. For details, see the AxoSyslog Core documentation

pattern (string, required)

Pattern expression to evaluate

Default: -

template (string, optional)

Specify a template of the record fields to match against.

Default: -

value (string, optional)

Specify a field name of the record to match against the value of.

Default: -

flags ([]string, optional)

Pattern flags

Default: -

type (string, optional)

Pattern type

Default: -

Example Regexp filter configurations

apiVersion: logging.banzaicloud.io/v1beta1
kind: Flow
metadata:
 name: demo-flow
spec:
 filters:
   - match:
       regexp:
       - value: first
         pattern: ^5\d\d$
 match: {}
 localOutputRefs:
   - demo-output

Syslog-NG Config Result

log {
   source(main_input);
   filter {
       match("^5\d\d$" value("first"));
   };
   destination(output_default_demo-output);
};