So I have two firewalls and a filter setup to process with a "if [host]" check is met. Is there a way to something like:
if [host] =~ /192\.168\.100\.1/ OR /192\.168\.100\.2/ {
}
So I have two firewalls and a filter setup to process with a "if [host]" check is met. Is there a way to something like:
if [host] =~ /192\.168\.100\.1/ OR /192\.168\.100\.2/ {
}
Yes you can:
if [host] =~ /192\.168\.100\.1/ or [host] =~ /192\.168\.100\.2/ {
Better:
if [host] =~ /^192\.168\.100\.[12]$/ {
The syntax for conditionals is documented: https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.