Filebeat: How to not send logs from kube-system namespace

I tried all possible solutions mentioned here and on StackOverflow, but I am not able to exclude logs from the kube-system namespace. Basically, I am getting logs from all the namespaces.

data:
  filebeat.yml: |-
    filebeat.inputs:
    - type: container
      paths:
        - /var/log/containers/*.log
      processors:
        - add_kubernetes_metadata:
            host: ${NODE_NAME}
            matchers:
            - logs_path:
                logs_path: "/var/log/containers/"
        - drop_event.when:
            or:
            - equals:
                kubernetes.namespace: "kube-system"
            - equals:
                kubernetes.namespace: "monitoring"

    setup.ilm.enabled: false
    output.elasticsearch:
      hosts: ['${ELASTICSEARCH_HOST:elasticsearch}:${ELASTICSEARCH_PORT:9200}']
      username: ${ELASTICSEARCH_USERNAME}
      password: ${ELASTICSEARCH_PASSWORD}

I even tried this:

filebeat.autodiscover:
 providers:
   - type: kubernetes
     node: ${NODE_NAME}
     hints.enabled: true
     hints.default_config:
       type: container
       paths:
         - /var/log/containers/*${data.kubernetes.container.id}.log
processors:
  - drop_event.when:
        or:
        - equals:
            kubernetes.namespace: kube-system
        - equals:
            kubernetes.namespace: monitoring

But nothing is working.
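An offline check of the `drop_event.when` condition from the post above, added here as an example; it is not part of the thread and not Filebeat's own code. It assumes an `equals` test is false when the field is absent, so an event that reaches the processor without `kubernetes.namespace` is kept. The events and the helper names are constructed for illustration.

```python
# Added illustration: a small model of or/and/not/equals condition trees.
# Assumption: `equals` on a missing field evaluates to false.
_MISSING = object()

def get_field(event, dotted):
    """Resolve a dotted key such as 'kubernetes.namespace' in a nested dict."""
    node = event
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return _MISSING
        node = node[part]
    return node

def matches(cond, event):
    """Evaluate one condition tree against one event."""
    (op, arg), = cond.items()
    if op == "or":
        return any(matches(c, event) for c in arg)
    if op == "and":
        return all(matches(c, event) for c in arg)
    if op == "not":
        return not matches(arg, event)
    if op == "equals":
        return all(get_field(event, k) == v for k, v in arg.items())
    raise ValueError(f"unsupported condition: {op}")

# The condition from the posted config, written as a Python dict.
DROP_WHEN = {"or": [
    {"equals": {"kubernetes.namespace": "kube-system"}},
    {"equals": {"kubernetes.namespace": "monitoring"}},
]}

# Constructed sample events; the third one carries no Kubernetes metadata.
EVENTS = [
    {"message": "coredns ready", "kubernetes": {"namespace": "kube-system"}},
    {"message": "order placed", "kubernetes": {"namespace": "shop"}},
    {"message": "kube-proxy sync", "log": {"file": {"path":
        "/var/log/containers/kube-proxy-abc_kube-system_kube-proxy-0123.log"}}},
]

def kept(events, cond):
    """Messages that survive a drop_event with the given condition."""
    return [e["message"] for e in events if not matches(cond, e)]

def unenriched(events):
    """Messages of events that lack kubernetes.namespace entirely."""
    return [e["message"] for e in events
            if get_field(e, "kubernetes.namespace") is _MISSING]

if __name__ == "__main__":
    print("kept:", kept(EVENTS, DROP_WHEN))
    print("no kubernetes.namespace:", unenriched(EVENTS))
```

Comparing the two lists against real events in the output index shows whether the surviving kube-system lines carry a `kubernetes.namespace` field at all.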

Did you try this solution (with template): How to exclude other namespaces? - #24 by wajika ?

BTW, which version of Filebeat are you using? Maybe there was a bugfix pushed in a later one.

I tried with Filebeat versions 7.8.0, 7.9.0, 7.12.0, and 8.0.0, but I keep getting all the noise from the kube-system namespace.

I have been trying to solve this issue for a week, testing almost everything on StackOverflow. Could you provide me with any working YAML?