---
# Bucket/scenario fixture. The evt.* expressions and the type / groupby /
# capacity keys match the CrowdSec scenario format - confirm against the
# loader that consumes this file.
#
# NOTE(review): the name says "simple-trigger" and the description says
# "Simple leaky", while the declared type is "counter". Both strings are kept
# unchanged because tests or expected-output files may reference them.
type: counter
name: test/simple-trigger
description: "Simple leaky"

# Only events whose line label "type" equals 'testlog' reach this bucket.
filter: "evt.Line.Labels.type =='testlog'"

# Under CrowdSec's counter semantics the bucket does not overflow on volume;
# the overflow is raised once this duration has elapsed - TODO confirm.
duration: 10s

# -1 is used here as "no capacity limit" (counter buckets are unbounded).
capacity: -1

# One bucket per source IP, so counts from different addresses never mix.
# NOTE(review): relies on a parser having set evt.Meta.source_ip; how events
# without that field are grouped is not visible here - verify.
groupby: evt.Meta.source_ip

# Labels attached to the overflow produced by this scenario.
labels:
  type: overflow_1