Output Wildcard for Hostname

This code works:

output {
  if [host][name] in ["lab4a.local.com", "lab4b.local.com"] {
    elasticsearch {
      index => "lab4-%{+YYYY.MM.dd}"
    }
  }
}

Because I have multiple hosts with the hostname lab4{a,b,c,d,e...z}, it'd be simpler if I could use a wildcard in the hostname, for example:

output {
  if [host][name] in ["lab4*"] {
    elasticsearch {
      index => "lab4-%{+YYYY.MM.dd}"
    }
  }
}

The asterisk does work so I tried regex:

if [host][name] in ["lab4\w.*"]

but no luck either. What is the best way to use wildcards in this situation?

if [host][name] =~ /^lab4*/

This worked for me. Thank you once again @Badger.
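
The patterns from this thread checked against sample hostnames, as an added example that is not part of the original posts. It assumes Logstash's `=~` matches like a Ruby regular expression; the hostnames, the `STRICT` pattern and the function names are constructed for illustration, and `STRICT` assumes the hosts are named lab4a through lab4z under local.com.

```ruby
# Added example, not code from the thread. Hostnames are constructed samples.

# Pattern from the reply: "lab" followed by zero or more "4" characters.
LOOSE = /^lab4*/

# Assumed naming scheme: lab4a..lab4z.local.com, anchored at both ends
# with the dots escaped so nothing else can match.
STRICT = /\Alab4[a-z]\.local\.com\z/

# Models `[host][name] in [...]`: array membership is exact string
# equality, so "lab4*" in the list is compared literally, not as a glob.
def in_list?(host, list)
  list.include?(host)
end

# Returns the hosts whose events a pattern would route to the lab4 index.
def routed(hosts, pattern)
  hosts.select { |h| h =~ pattern }
end

HOSTS = %w[
  lab4a.local.com
  lab4z.local.com
  lab3a.local.com
  lab40.local.com
  laboratory.local.com
  web1.local.com
].freeze

puts "literal list : #{HOSTS.select { |h| in_list?(h, ['lab4a.local.com', 'lab4b.local.com']) }}"
puts "glob in list : #{HOSTS.select { |h| in_list?(h, ['lab4*']) }}"
puts "LOOSE  match : #{routed(HOSTS, LOOSE)}"
puts "STRICT match : #{routed(HOSTS, STRICT)}"
```

Because `*` applies to the `4`, the loose pattern also accepts hosts such as lab3a.local.com, so their events would land in the lab4 index; the anchored pattern keeps the index limited to the intended hosts.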
