Match multiple ip segment Regex

sreejiths · September 14, 2017, 8:07am

Below is the if statement which is working fine

if [host] =~ "^10.255.212.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$" {
mutate { add_field => [ "host_group", "XXX" ] }
} else {
mutate { add_field => [ "host_group", "XX" ] }
}
Query 1 : Will the above ip segment regex can be added in patterns to have the grok more simpler

Query 2 : If i have to match mutiple segments (AND or OR) in same if [host] , how can i achieve it ..Below one is not working

if [host] =~ "^10.255.212.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$" || "^10.255.214.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$" {
mutate { add_field => [ "host_group", "XXX" ] }
} else {
mutate { add_field => [ "host_group", "XX" ] }
}
}

Please provide inputs ..

sushanth · September 14, 2017, 9:27am

I am also new to logstash but an elseif would be easier at this point I think..

magnusbaeck · September 14, 2017, 9:44am

As documented, the logical disjunction operator is or and not ||.

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html

Secondly, each side of the disjunction must be a complete expression, i.e. [host] =~ /.../ or [host] =~ /.../, not [host] =~ /.../ or /.../.

Finally, you should look into the cidr filter.

sreejiths · September 15, 2017, 6:57am

Thanks ..It works perfectly ..Appreciate your quick response and help

Topic		Replies	Views
Logstash compare one field with multiple value (string) Logstash	6	11748	July 6, 2017
How use multiple if regex expression in output segment Logstash	6	455	June 5, 2018
How to add multiple conditions in single if statement if ((A==1) && (B==( 2 \|\| 3)) Logstash docker	4	758	January 14, 2020
IF Regex not working Logstash	6	226	January 16, 2024
IF Statement being ignored Logstash	3	356	September 27, 2018

Match multiple ip segment Regex

Related topics