Match filters can be used to select the log records to process. These filters have the same options and syntax as the syslog-ng flow match expressions.

  filters:
  - match:
      or:
      - regexp:
          value: json.kubernetes.labels.app.kubernetes.io/name
          pattern: apache
          type: string
      - regexp:
          value: json.kubernetes.labels.app.kubernetes.io/name
          pattern: nginx
          type: string

Configuration 🔗︎

MatchExpr 🔗︎

and ([]MatchExpr, optional) 🔗︎

Default: -

not (*MatchExpr, optional) 🔗︎

Default: -

regexp (*RegexpMatchExpr, optional) 🔗︎

Regexp Directive

Default: -

or ([]MatchExpr, optional) 🔗︎

Default: -

Regexp Directive 🔗︎

Specify filtering rule.

pattern (string, required) 🔗︎

Pattern expression to evaluate

Default: -

template (string, optional) 🔗︎

Specify a template of the record fields to match against.

Default: -

value (string, optional) 🔗︎

Specify a field name of the record to match against the value of.

Default: -

flags ([]string, optional) 🔗︎

Pattern flags

Default: -

type (string, optional) 🔗︎

Pattern type

Default: -

Example Regexp filter configurations 🔗︎

apiVersion: logging.banzaicloud.io/v1beta1
kind: Flow
metadata:
 name: demo-flow
spec:
 filters:
   - match:
       regexp:
       - value: first
         pattern: ^5\d\d$
 match: {}
 localOutputRefs:
   - demo-output

Syslog-NG Config Result 🔗︎

log {
   source(main_input);
   filter {
       match("^5\d\d$" value("first"));
   };
   destination(output_default_demo-output);
};