
rsyslog - how to tag and apply ruleset by line contents?

I am cleaning up and standardizing our log handling, adding fluentd and ELK. This part is working fine, since nginx is logging to its own file:

input(type="imfile" tag="app.nginx" file="/var/log/nginx/access.log" ruleset="fluentd")

However, other components of the app, e.g. the Python process, are logging to /var/log/syslog with log messages that are prefixed with [flask]. I would like to filter /var/log/syslog messages containing [flask], tag them with app.flask, and apply the fluentd ruleset.

I could configure each service to log to its own file like nginx, but I would like to avoid changing systemd config if possible.

I ended up solving this problem by redirecting messages to a specific log file and then adding an input pointed to it.

if $rawmsg contains "[flask]" then /var/log/flask.log

input(type="imfile" tag="app.flask" file="/var/log/flask.log" ruleset="fluentd")

If there is a way to do this without redirection to a different file, I would still like to know.
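
One way to route the [flask] lines without the intermediate file, as an added example that is not part of the original post: set a per-message variable in the default ruleset and `call` the fluentd ruleset directly. The body of the fluentd ruleset is not shown on the page, so the template, the variable name `$.fluent_tag` and the omfwd target and port below are assumptions standing in for it.

```conf
# Added example. The ruleset body, template name, variable name and
# forward target/port are assumptions; the page does not show them.

# Take the routing tag from a per-message local variable instead of the
# syslog tag, so a filter rule can set it as well as an imfile input.
template(name="fluentd_fmt" type="list") {
    property(name="timereported" dateFormat="rfc3339")
    constant(value=" ")
    property(name="hostname")
    constant(value=" ")
    property(name="$.fluent_tag")
    constant(value=" ")
    property(name="msg" droplastlf="on")
    constant(value="\n")
}

ruleset(name="fluentd") {
    # imfile inputs such as tag="app.nginx" never set $.fluent_tag,
    # so fall back to the tag the input assigned.
    if $.fluent_tag == "" then {
        set $.fluent_tag = $syslogtag;
    }
    action(type="omfwd" target="127.0.0.1" port="5140" protocol="tcp"
           template="fluentd_fmt")
}

# Default ruleset: messages that would otherwise only reach /var/log/syslog.
# "contains" matches the marker anywhere in the raw line, so any local
# sender that writes "[flask]" in its message is tagged app.flask too.
if $rawmsg contains "[flask]" then {
    set $.fluent_tag = "app.flask";
    call fluentd
    # No "stop" here: the message continues through the remaining rules
    # and is still written to /var/log/syslog.
}
```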


