I'm a bit confused. I read the above documentation, but if, for instance, I have kernel warning logs from Syslog, so the facility is kernel but the severity is 'warning', then what sort of format is the filter? I see one option is syslog.level, but what exactly does that correspond to?
For instance, in the raw log message, all I have is the MSG and content, no syslog priority. Sample log:
Jan 9 13:05:26 ldc: [ID 537229 kern.warning] WARNING: i_ldc_unreg_queues: (0xb) channel RX queue unconf failed
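
The sample line above has no leading `<PRI>` value, but its bracketed `[ID 537229 kern.warning]` tag (the Solaris-style message ID tag) names the facility and severity. The following is an added example, not part of the original post or of any product's filter syntax: it extracts that tag and maps the names to the numeric codes defined in RFC 5424, where PRI = facility * 8 + severity. The function names `parse_tag` and `matches` are hypothetical.

```python
import re

# Numeric codes from RFC 5424 section 6.2.1. Facilities 9-15 are left out
# because their keyword names differ between platforms.
FACILITY = {"kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4,
            "syslog": 5, "lpr": 6, "news": 7, "uucp": 8}
FACILITY.update({f"local{i}": 16 + i for i in range(8)})
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Matches the "[ID <msgid> <facility>.<severity>]" tag inside the message.
TAG_RE = re.compile(r"\[ID (\d+) ([a-z0-9]+)\.([a-z]+)\]")

# The sample line from the post.
SAMPLE = ("Jan 9 13:05:26 ldc: [ID 537229 kern.warning] WARNING: "
          "i_ldc_unreg_queues: (0xb) channel RX queue unconf failed")


def parse_tag(line):
    """Return facility/severity details from the tag, or None if absent/unknown."""
    m = TAG_RE.search(line)
    if not m:
        return None
    msgid, fac, sev = m.groups()
    if fac not in FACILITY or sev not in SEVERITY:
        return None
    return {"msgid": int(msgid), "facility": fac, "severity": sev,
            "facility_code": FACILITY[fac], "severity_code": SEVERITY[sev],
            "pri": FACILITY[fac] * 8 + SEVERITY[sev]}


def matches(line, facility, min_severity):
    """True if the line is from `facility` and at least as severe as `min_severity`.

    Lower severity codes are more severe, so "at least warning" means code <= 4.
    """
    rec = parse_tag(line)
    return (rec is not None and rec["facility"] == facility
            and rec["severity_code"] <= SEVERITY[min_severity])


if __name__ == "__main__":
    print(parse_tag(SAMPLE))
    print(matches(SAMPLE, "kern", "warning"))
```
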