I have a namespace, hammy, in k8s with several pods deployed. Out of all the pods, i'd only want the pods with the name "blausy" to be ingested into the Heavy Forwarder. The rest of the logs in other pods should be dropped. How should i do it? Thanks! The log's source is something like source = /var/log/pods/hammy_blausy-api-<uuid> Inside my props.conf, this is my configuration [source::/var/log/pods/hammy_*]
TRANSFORMS-routing = whitelist_blausy_logs, drop_all_logs transform.conf [whitelist_blausy_logs]
SOURCE_KEY = MetaData:Source
REGEX = blausy-*
DEST_KEY = queue
FORMAT = indexQueue
[drop_all_logs]
REGEX = .*
DEST_KEY = queue
FORMAT = nullQueue Edit: at the moment, it's either dropping all the logs in hammy namespace, or ingesting all the logs
... View more
