Logstash config output regex condition on integer

Hello all!

I'm working on indexing IIS logs in ES using Logstash.
Here is my config output section, where I try to seperate the http code response (status field) in two indices:

output {
   	if [type] == "mywebsite" and [status] =~ "^[2]" {
		elasticsearch {
			hosts => ["192.168.1.3:9200"]
			index => "logstash-httpCode2XX-%{+YYYY.MM}"
			document_type => "log"
		}
	}
	if [type] == "mywebsite" and [status] =~ "^[5]" {
		elasticsearch {
			hosts => ["192.168.1.3:9200"]
			index => "logstash-httpCode5XX-%{+YYYY.MM}"
			document_type => "log"
		}
	}
}

Given [status] field is "grokked" and mutated as an integer:

mutate {
	convert => {
		status => "integer"
        }
}

I do not understand why the second part of my conditions with the regex does not work... It is not verified, nothing is sent to my ES indices.

I add that without this condition, everything's ok until ES, so no Grok or mutate issue...

Thanks a lot if you have any idea!
Have a good day.

I'm not sure regexp matches work for integer fields. Note that the correct syntax for regexp matching is [status] =~ /^[2]/ (which is equivalent to [status] =~ /^2/). Either way, why use regexp matching in the first place when you can do [status] >= 200 and [status] < 300?

1 Like

Thanks for your reply!

It works fine using the simple mathematical comparison. When I tried the first time, I used quotes...
Morality, regex seem to not work on intergers.