Match
Match filters can be used to select the log records to process. These filters have the same options and syntax as syslog-ng flow match expressions. When matching for labels or annotations, the available labels and annotations depend on the incoming message received from the log collector agent. See this list of common Kubernetes labels and annotations for details.
filters:
- match:
or:
- regexp:
value: json.kubernetes.labels.app.kubernetes.io/name
pattern: apache
type: string
- regexp:
value: json.kubernetes.labels.app.kubernetes.io/name
pattern: nginx
type: string
Configuration
MatchExpr
and ([]MatchExpr, optional)
not (*MatchExpr, optional)
or ([]MatchExpr, optional)
regexp (*RegexpMatchExpr, optional)
Regexp Directive
Specify filtering rule. For details, see the AxoSyslog Core documentation
flags ([]string, optional)
Pattern flags. For details, see the AxoSyslog Core documentation
pattern (string, required)
Pattern expression to evaluate
template (string, optional)
Specify a template of the record fields to match against.
type (string, optional)
Pattern type. For details, see the AxoSyslog Core documentation
value (string, optional)
Specify a field name of the record to match against the value of.
Example Regexp
filter configurations
apiVersion: logging.banzaicloud.io/v1beta1
kind: Flow
metadata:
name: demo-flow
spec:
filters:
- match:
regexp:
- value: first
pattern: ^5\d\d$
match: {}
localOutputRefs:
- demo-output
syslog-ng config result:
log {
source(main_input);
filter {
match("^5\d\d$" value("first"));
};
destination(output_default_demo-output);
};
Last modified January 21, 2025: Merge pull request #271 from kube-logging/feat/protected-cluster-output (92121e4)