in operator

The In operator returns a Boolean value: true if the specified property is in the specified object, or false if it is not.


  • my_field in (value_1, value_2, value_3, ..., value_n)

In the syntax, we are checking the value of my_field.

If the value of my_field matches any of value_1, ..., value_n, the function will return true. Otherwise it will return false.


Find 5xx or 4xx errors, otherwise OK message.

The following query:

| parse "GET * HTTP/1.1\" * * \"*\"" as url, status_code, size, referrer
| if (status_code in ("500", "501", "502", "503", "504", "505", "506", "401", "402", "403", "404"), "error", "OK message") as reason

would return results similar to: