input {
  stdin { }
}

filter {

# initialize metadata field used as flag
mutate {
  add_field => { "[@metadata][foundtype]" => "" }
}

# try to match 'hello' looking messages
if "" == [@metadata][foundtype] {
  grok {
    match => { "message" => "hello %{GREEDYDATA:[@metadata][myname]}" }
    break_on_match => false
    add_field => { "[@metadata][foundtype]" => "hellotype" }
    add_tag => [ "didhello" ]
  }
}

# try to match 'bye' looking messages
if "" == [@metadata][foundtype] {
  grok {
    match => { "message" => "bye %{GREEDYDATA:[@metadata][myname]}" }
    break_on_match => false
    add_field => { "[@metadata][foundtype]" => "byetype" }
    add_tag => [ "didbye" ]
  }
}

#  add description based on flag
if !("" == [@metadata][foundtype]) {
  mutate {
    add_field => { "description" => "action performed by %{[@metadata][myname]}" }
  }
}else {
  mutate {
    add_field => { "description" => "this was not a hello or bye message type" }
  }
}


} # filter

output {
 stdout { codec => rubydebug }
}