# Source: github.com/crowdsecurity/crowdsec@v1.6.1/pkg/parser/tests/base-grok-stash/test.yaml
#
# Parser test fixture: `lines` holds the raw events fed to the parser and
# `results` holds the events expected back, in the same order.
# NOTE(review): the parser node configuration exercised by this fixture is not
# part of this file. Judging by the directory name (base-grok-stash) and the
# expected output below, it presumably extracts `program` and `pid` from the
# "start ..." lines, stashes the program name keyed by pid, and looks it up
# again for the "pid N did a forbidden thing" lines. Confirm against the
# parser YAML that sits next to this file.

# Input events. Every event carries the same label (type: testlog); only the
# Raw text differs.
lines:
  # Two "start" lines that introduce a program name together with its pid.
  - Line:
      Labels:
        type: testlog
      Raw: start foobar thing with pid 12
  - Line:
      Labels:
        type: testlog
      Raw: start toto thing with pid 42
  # Follow-up lines that mention only a pid. pids 12 and 42 were seen in a
  # "start" line above; pid 45 was never introduced.
  - Line:
      Labels:
        type: testlog
      Raw: pid 12 did a forbidden thing
  - Line:
      Labels:
        type: testlog
      Raw: pid 42 did a forbidden thing
  - Line:
      Labels:
        type: testlog
      Raw: pid 45 did a forbidden thing
# Expected parser output, one entry per input line above.
results:

  # "start foobar ..." -> program and pid are captured; pid is quoted so that
  # it is loaded as a string rather than an integer.
  - Meta:
      log_type: test_start
    Parsed:
      program: foobar
      pid: "12"
    Process: true
    Stage: s00-raw

  # "start toto ..." -> same shape as the previous entry, with program toto.
  - Meta:
      log_type: test_start
    Parsed:
      program: toto
      pid: "42"
    Process: true
    Stage: s00-raw

  # pid 12 follow-up: the line itself has no program name, yet the expected
  # Meta carries associated_prog_name: foobar, the program from the earlier
  # "start" line with the same pid.
  - Meta:
      log_type: test_continue
      associated_prog_name: foobar
    Parsed:
      pid: "12"
    Process: true
    Stage: s00-raw

  # pid 42 follow-up: expected to be associated with toto, not foobar. This
  # checks that the association is per pid and not just the last value seen.
  - Meta:
      log_type: test_continue
      associated_prog_name: toto
    Parsed:
      pid: "42"
    Process: true
    Stage: s00-raw

  # pid 45 follow-up: no "start" line exists for this pid, so the expected
  # Meta has no associated_prog_name key at all. This is the negative case:
  # an unknown pid must not inherit a program name from another pid, which
  # would attribute the event to the wrong process. The event is still
  # expected to be processed (Process: true).
  - Meta:
      log_type: test_continue
    Parsed:
      pid: "45"
    Process: true
    Stage: s00-raw