github.com/crowdsecurity/crowdsec@v1.6.1/pkg/parser/tests/base-json-extract/base-grok.yaml

github.com/crowdsecurity/crowdsec@v1.6.1/pkg/parser/tests/base-json-extract/base-grok.yaml (about)

     1  filter: "evt.Line.Labels.type == 'json-1'"
     2  debug: true
     3  onsuccess: next_stage
     4  name: tests/base-json-extract
     5  statics:
     6    - parsed: message
     7      expression: JsonExtract(evt.Line.Raw, "log")
     8    - meta: other_field
     9      expression: JsonExtract(evt.Line.Raw, "testfield")
    10    - meta: program
    11      expression: evt.Line.Labels.progrname
    12    - parsed: extracted_array
    13      expression: JsonExtract(evt.Line.Raw, "nested_1.anarray")
    14    - parsed: extracted_array_field
    15      expression: JsonExtract(evt.Line.Raw, "nested_1.anarray[0]")
    16      
    17