The In operator returns a Boolean value: true if the specified property is in the specified object, or false if it is not.


  • in ([, , , ...])

In the syntax, we are checking the value of the field provided for the argument.

If the value of matches any of value arguments (, , ...) the function will return true. Otherwise, it will return false.


Find 5xx or 4xx errors, otherwise OK message

The following query:

| parse "GET * HTTP/1.1\" * * \"*\"" as url, status_code, size, referrer
| if (status_code in ("500", "501", "502", "503", "504", "505", "506", "401", "402", "403", "404"), "error", "OK message") as reason

would return results similar to:

Constructed with this season's lighter weight linen, the Jack is ideal for beachside looks. The breathable fabrication drapes effortlessly and allows for cool...