"not in" on scenarios filter

I create scenarios with filter

 filter: "evt.Meta.log_type == 'http_access-log' && evt.Parsed.request in ['/path1', '/path2'] && evt.Parsed.http_user_agent not in ['Firefox', 'Chrome']"

I want this to apply only to those who do not meet agents Chrome and Firefox. Global whitelist in parsers/s02-enrich not suitable, must be implemented at the scenario level.

The exception doesn’t work. I tried ['*Firefox*', '*Chrome*'], it didn’t work either.
Are there other ways or am I using it wrong?


Hello !

This should be “true” if http_user_agent is exactly ‘Firefox’ or ‘Chrome’.
Do you want the condition to be true if http_user_agent contains ‘Firefox’ or ‘Chrome’ ?

No, I want to have ‘true’ if it does not contain ‘Firefox’ or ‘Chrome’