Just to add more information about logstash conditionals: actually the "compare the content of a field with an array" will not test true if there is only 1 element in the array.
if [AT_VAL1] in ["SECURED"] # will never test true because it has only 1 element (logstash bug)
if [AT_VAL1] in ["SECURED", "SECURED"] # is equivalent to if [AT_VAL1] == "SECURED"
I've just discovered the substring match comparison in your last paragraph and it's 
although I don't have a direct use for it.