Match

Match filters can be used to select the log records to process. These filters have the same options and syntax as syslog-ng flow match expressions.

filters:
- match:
    or:
    - regexp:
        value: json.kubernetes.labels.app.kubernetes.io/name
        pattern: apache
        type: string
    - regexp:
        value: json.kubernetes.labels.app.kubernetes.io/name
        pattern: nginx
        type: string

Configuration

MatchExpr

and ([]MatchExpr, optional)

not (*MatchExpr, optional)

or ([]MatchExpr, optional)

regexp (*RegexpMatchExpr, optional)

Regexp Directive

Regexp Directive

Specify filtering rule. For details, see the AxoSyslog Core documentation

flags ([]string, optional)

Pattern flags. For details, see the AxoSyslog Core documentation

pattern (string, required)

Pattern expression to evaluate

template (string, optional)

Specify a template of the record fields to match against.

type (string, optional)

Pattern type. For details, see the AxoSyslog Core documentation

value (string, optional)

Specify a field name of the record to match against the value of.

Example Regexp filter configurations

apiVersion: logging.banzaicloud.io/v1beta1
kind: Flow
metadata:
  name: demo-flow
spec:
  filters:
    - match:
      regexp:
        - value: first
          pattern: ^5\d\d$
  match: {}
  localOutputRefs:
    - demo-output

syslog-ng config result:

log {
    source(main_input);
    filter {
      match("^5\d\d$" value("first"));
    };
    destination(output_default_demo-output);
};

Last modified June 3, 2024: [4.6] Blog link fix (cc4602a)