Match multiple ip segment Regex

sreejiths · September 14, 2017, 8:07am

Below is the if statement which is working fine

if [host] =~ "^10.255.212.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$" {
mutate { add_field => [ "host_group", "XXX" ] }
} else {
mutate { add_field => [ "host_group", "XX" ] }
}
Query 1 : Will the above ip segment regex can be added in patterns to have the grok more simpler

Query 2 : If i have to match mutiple segments (AND or OR) in same if [host] , how can i achieve it ..Below one is not working

if [host] =~ "^10.255.212.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$" || "^10.255.214.([1-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$" {
mutate { add_field => [ "host_group", "XXX" ] }
} else {
mutate { add_field => [ "host_group", "XX" ] }
}
}

Please provide inputs ..

sushanth · September 14, 2017, 9:27am

I am also new to logstash but an elseif would be easier at this point I think..

magnusbaeck · September 14, 2017, 9:44am

As documented, the logical disjunction operator is or and not ||.

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html

Secondly, each side of the disjunction must be a complete expression, i.e. [host] =~ /.../ or [host] =~ /.../, not [host] =~ /.../ or /.../.

Finally, you should look into the cidr filter.

sreejiths · September 15, 2017, 6:57am

Thanks ..It works perfectly ..Appreciate your quick response and help

system · October 13, 2017, 6:58am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Splitting IP addresses Logstash	3	920	April 26, 2018
Do Grok patterns have a place in the if =~ conditional matching? Logstash	3	5924	July 6, 2017
Conditional filtering by source with IP addresses Logstash	7	7000	April 11, 2017
Issues with if statement, grok, and mutate Logstash	1	3381	July 6, 2017
How do we match multiple random ips? Logstash	3	3921	July 6, 2017

Match multiple ip segment Regex

Related topics