Hello, I use Hashicorp Vault in sidecar mode, so it adds two containers to my pods: “vault-agent-init” and “vault-agent”. I want to exclude sending logs from these containers while keeping everything else, so I've done this in my ClusterFlow: match: - exclude: container_names: - vault-agent-init - vault-agent However, the logs of these two containers are still collected and transmitted, am I doing something wrong? Thanks in advance

can you confirm these changes have made it into the actual fluentd config?

Yes, the changes have been applied and appear in the “logging-root-fluentd-app” secret:

<route>
    @label @90659d5096f28c1fda0335b03c332d94
    metrics_labels {"id":"clusterflow:cattle-logging-system:logstash-flow-etd"}
    <match>
      container_names vault-agent-init,vault-agent
      namespaces xxx
      negate true
    </match>
    <match>
      labels team:etd
      negate false
    </match>
  </route>

I saw the detection of the configuration change in the pod logs too. I've already tried restarting all the pods but still the same, the “vault-agent-init” and “vault-agent” container logs continue to be transmitted in Syslog.

this is the only flow/clusterflow you have?

OK I found the problem, I had put an exclusion on namespaces and container_names in the same “exclude” when I should have separated them into two different “exclude”... Sorry for the inconvenience, another problem between the chair and the keyboard! :D

hey, glad that you could figure that out! 🙂