Let's say you ended up on the official documentation page for conditions that you can use with processors and you want to use both "and" & "not" keywords at the same time, but it's not as easy as it sounds regarding dashes and indentation.

Here is a snippet that may help you, I use it to only push logs from kube-system namespace that belong to pod named kube-dns :

processors:
  - drop_event:
      when:
        and:
          - equals:
              kubernetes.namespace: "kube-system"
          - not.contains:
              kubernetes.pod.name: "kube-dns"

Hope it helps, do not hesitate in comments to let me know or suggest other tips.

Have a great day!