Subject: Excluding multiple values from nested json


How do I exclude records that have any one of a set of bad values for the
nested event key?
I.e., if the event value is bad1 or bad2 or bad3, then the record should be
excluded.

Below is the config:

# Jay - Tailing the Nginx Logs
<source>
        @type tail
        path /var/log/nginx/access.log
        pos_file /var/log/td-agent/nginx-access.pos
        tag nginx.access
        format json
</source>

# Jay - Filter the data before uploading it to kinesis
<filter nginx.access>
        @type grep
        <exclude>
                key $.request_body.event
                pattern bad1|bad2|bad3
        </exclude>
</filter>

Below is the log format:

{
  "time_local": "2019-06-04T18:51:03+05:30",
  "remote_addr": "123.0.0.1",
  "request_time": "0.000",
  "http_referrer": "https://abcd.com/shows",
  "http_user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  "request_id": "7bf3a62064f2c05d56694c3e3d7ca93c",
  "http_true_client_ip": "123.123.123.123",
  "http_geo_info": "GEO=IN REGION=MH",
  "request_body": "{\"event\":\"ABC\",\"unique_id\":\"f8a68889ff212189f1eeeb94aec9ec10\"}}"
}
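
The following is an added example, not part of the original post. In the log sample, request_body is a JSON-encoded string rather than a nested object, so this sketch parses it first and then applies the exclude list. It assumes Fluentd v1 (td-agent 3 or later) with the built-in parser and grep filters; bad1, bad2 and bad3 are the placeholder values from the question.

```fluentd
# Added example, not the poster's config.
# Assumption: Fluentd v1 / td-agent 3+, built-in filter plugins only.

# Step 1: request_body arrives as a string containing JSON, so there is
# no nested "event" key to address yet. Parse the string into a hash and
# store the result back under the same field name.
<filter nginx.access>
  @type parser
  # Field that holds the JSON string.
  key_name request_body
  # Keep the other fields (time_local, remote_addr, ...) in the record.
  reserve_data true
  # Put the parsed hash under request_body instead of merging its keys
  # into the top level of the record.
  hash_value_field request_body
  <parse>
    @type json
  </parse>
</filter>

# Step 2: $.request_body.event now points at the nested value.
<filter nginx.access>
  @type grep
  <exclude>
    key $.request_body.event
    # Anchored so that only the exact values match. The unanchored form
    # bad1|bad2|bad3 would also drop a value such as "bad10".
    pattern /^(bad1|bad2|bad3)$/
  </exclude>
</filter>
```

The request_body string in the sample record ends with a doubled closing brace, which is not valid JSON. Check how records that fail to parse are handled (see the parser filter's `emit_invalid_record_to_error` setting) before relying on this filter to keep unwanted events out of the stream.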
