bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/pkg/parser/tests/base-grok-external-data/base-grok.yaml

bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/pkg/parser/tests/base-grok-external-data/base-grok.yaml (about)

     1  filter: "evt.Line.Labels.type == 'testlog'"
     2  debug: true
     3  onsuccess: next_stage
     4  name: tests/base-grok
     5  data:
     6    - source_url: https://invalid.com/test.list
     7      dest_file: ./sample_strings.txt
     8      type: string
     9  
    10  pattern_syntax:
    11    MYCAP_EXT: ".*"
    12  nodes:
    13    - grok:
    14        pattern: ^xxheader %{MYCAP_EXT:extracted_value} trailing stuff$
    15        apply_on: Line.Raw
    16  statics:
    17    - meta: log_type
    18      value: parsed_testlog
    19    - meta: is_it_in_file
    20      expression: |-
    21        evt.Parsed.extracted_value in File("./sample_strings.txt") ? "true" : "false"
    22  
    23