lines.txtwith the following content:
Note: using the command line mode need special attention to quote the regular expressions properly. It's suggested to use a configuration file.
lines.txtfile. Then the grep filter will apply a regular expression rule over the log field (created by tail plugin) and only pass the records which field value starts with aa:
kubernetes.labels.app), you can use the following rule:
excludewith a regex that matches anything, a missing key will fail this check.
iot_timestampmust match the expected expression - if it does not or is missing/empty then it will be excluded.