I have tried to solve this problem with all the combinations, but missing some key thing on how to resolve. I have various logs coming with source pattern as /var/log/containers/*. I would like to drop the DEBUG logs and hence have the following in props.conf: [source://var/log/containers/*] TRANSFORMS-null = debug_to_null and in transforms.conf:   [debug_to_null] REGEX = DEBUG DEST_KEY = queue FORMAT = nullQueue After making the above change, as expected the logs with DEBUG keyword is getting dropped.   Now, I would also like to drop logs with another pattern for a particular source pattern under /var/log/containers, so I've updated my props.conf like this:   [source::/var/log/containers/*_integration-business*.log] TRANSFORMS-null = setnull [source://var/log/containers/*] TRANSFORMS-null = debug_to_null   and updated transforms.conf like this: [debug_to_null] REGEX = DEBUG DEST_KEY = queue FORMAT = nullQueue [setnull] REGEX = NormalizedApiId failed to resolve DEST_KEY = queue FORMAT = nullQueue   After making this change, I can see only logs with DEBUG keyword is getting dropped, however the logs with NormalizedApiId failed to resolve are still being ingested. I was hoping that logs with DEBUG keyword from all source paths with /var/log/containers/* pattern will be dropped and NormalizedApiId failed to resolve keyword from a particular source path with /var/log/containers/*_integration-business*.log pattern will be dropped. But seems not working that way. Please guide me on this. ... View more