logstash icon indicating copy to clipboard operation
logstash copied to clipboard

Published 20 hours ago verified publisher icon elastic

`if .. in []` doesn't match for single-element arrays

Open praseodym opened this issue 6 years ago • 13 comments

A Logstash filter such as if "a" in ["a", "b"] matches but if "a" in ["a"] does not, which does not make sense. I'd consider this to be a bug.

Example pipeline:

input { generator { count => 1 } }

filter {
  if "a" in ["a"] {
    mutate { add_tag => "1" }
  }

  if "a" in ["a", "b"] {
    mutate { add_tag => "2" }
  }
}

output { stdout {} }

Output:

{
      "@version" => "1",
          "tags" => [
        [0] "2"
    ],
          "host" => "hostname",
    "@timestamp" => 2018-08-22T20:07:25.211Z,
      "sequence" => 0,
       "message" => "Hello world!"
}

I would expect to see both "1" and "2" as tags.

praseodym avatar Aug 22 '18 20:08 praseodym