Let's say you ended up on the official documentation page for conditions that you can use with processors and you want to use both "and" & "not" keywords at the same time, but it's not as easy as it sounds regarding dashes and indentation.
Here is a snippet that may help you, I use it to only push logs from kube-system namespace that belong to pod named kube-dns :
processors:
- drop_event:
when:
and:
- equals:
kubernetes.namespace: "kube-system"
- not.contains:
kubernetes.pod.name: "kube-dns"
Hope it helps, do not hesitate in comments to let me know or suggest other tips.
Have a great day!
Top comments (1)
Nice! this looks super clean too.