Match

Match filters can be used to select the log records to process. These filters have the same options and syntax as syslog-ng flow match expressions. When matching for labels or annotations, the available labels and annotations depend on the incoming message received from the log collector agent. See this list of common Kubernetes labels and annotations for details.

filters:
- match:
    or:
    - regexp:
        value: json.kubernetes.labels.app.kubernetes.io/name
        pattern: apache
        type: string
    - regexp:
        value: json.kubernetes.labels.app.kubernetes.io/name
        pattern: nginx
        type: string

Configuration

MatchExpr

and ([]MatchExpr, optional)

not (*MatchExpr, optional)

or ([]MatchExpr, optional)

regexp (*RegexpMatchExpr, optional)

Regexp Directive

Regexp Directive

Specify filtering rule. For details, see the AxoSyslog Core documentation

flags ([]string, optional)

Pattern flags. For details, see the AxoSyslog Core documentation

pattern (string, required)

Pattern expression to evaluate

template (string, optional)

Specify a template of the record fields to match against.

type (string, optional)

Pattern type. For details, see the AxoSyslog Core documentation

value (string, optional)

Specify a field name of the record to match against the value of.

Example Regexp filter configurations

apiVersion: logging.banzaicloud.io/v1beta1
kind: Flow
metadata:
  name: demo-flow
spec:
  filters:
    - match:
      regexp:
        - value: first
          pattern: ^5\d\d$
  match: {}
  localOutputRefs:
    - demo-output

syslog-ng config result:

log {
    source(main_input);
    filter {
      match("^5\d\d$" value("first"));
    };
    destination(output_default_demo-output);
};