Hi, I currently have a filter with nine "or" statements that look for a few different strings in log messages, then applies a tag. I tried a regex similar to this, but it wasn't matching on anything: if "(foo|bar|foobar)" in [message] { mutate { add_tag => "mytag" } } The only way I could …

How do you do multiple "OR"s in a filter?

Badger November 21, 2019, 3:58pm 2

Try

if [message] =~ "(foo|bar|foobar)" {

"in" does array membership testing and substring matching. =~ does regexp matching.

How to use if condition to filter spider event gracefully in logstash

Topic		Replies	Views
Filter with more than one possible match? Logstash	3	393	April 19, 2022
Logstash or condition in if statement Logstash	3	62561	January 31, 2017
Avoiding multiple OR conditions in if statements logstash Logstash	3	1014	May 14, 2018
Conditional, check multiple values for a field Logstash	4	15458	December 15, 2017
Logstash pipeline multiple if statements Logstash	2	324	November 12, 2021