Can I do an or in a match

Jackal9301 · December 7, 2015, 4:34pm

Is there a way I can write a grok to do something like:

grok{
    match => [ "Message_Data", "File \"C:\\\\Windows\\Prefetch\\DLL" or "New File \"C:\\\\Windows\\Prefetch\\DLL " ]

I don't want to have to write to separate statements for this match since i would just be duplicating everything

magnusbaeck · December 7, 2015, 6:41pm

Use | to separate the different options (often combined with parentheses):

(some-subexpression|another-subexpression|...)

Topic		Replies	Views
How can i use 'or' in logstash grok filter Logstash	1	317	September 20, 2018
Using regex grouping and logical OR in a Grok Pattern Logstash	3	14145	July 6, 2017
Usage of "or" operator in logstash grok filters Logstash	11	4035	September 25, 2019
How do you do multiple "OR"s in a filter? Logstash	3	476	December 19, 2019
How to do a conditional regex on or? Logstash	5	351	May 13, 2020