lines.txt
with the following content:Note: using the command line mode need special attention to quote the regular expressions properly. It's suggested to use a configuration file.
lines.txt
file. Then the grep filter will apply a regular expression rule over the log field (created by tail plugin) and only pass the records which field value starts with aa:kubernetes.labels.app
), you can use the following rule:exclude
with a regex that matches anything, a missing key will fail this check.iot_timestamp
must match the expected expression - if it does not or is missing/empty then it will be excluded.