Let's say you ended up on the official documentation page for conditions that you can use with processors and you want to use both "and" & "not" keywords at the same time, but it's not as easy as it sounds regarding dashes and indentation.
Here is a snippet that may help you, I use it to only push logs from kube-system namespace that belong to pod named kube-dns :
processors: - drop_event: when: and: - equals: kubernetes.namespace: "kube-system" - not.contains: kubernetes.pod.name: "kube-dns"
Hope it helps, do not hesitate in comments to let me know or suggest other tips.
Have a great day!