Match multiple ip segment Regex

Below is the if statement which is working fine

if [host] =~ "^10.255.212.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$" {
mutate { add_field => [ "host_group", "XXX" ] }
} else {
mutate { add_field => [ "host_group", "XX" ] }
}
Query 1 : Will the above ip segment regex can be added in patterns to have the grok more simpler

Query 2 : If i have to match mutiple segments (AND or OR) in same if [host] , how can i achieve it ..Below one is not working

if [host] =~ "^10.255.212.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$" || "^10.255.214.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$" {
mutate { add_field => [ "host_group", "XXX" ] }
} else {
mutate { add_field => [ "host_group", "XX" ] }
}
}

Please provide inputs ..

I am also new to logstash but an elseif would be easier at this point I think..

As documented, the logical disjunction operator is or and not ||.

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html

Secondly, each side of the disjunction must be a complete expression, i.e. [host] =~ /.../ or [host] =~ /.../, not [host] =~ /.../ or /.../.

Finally, you should look into the cidr filter.

1 Like

Thanks ..It works perfectly ..Appreciate your quick response and help

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.