github.com/crowdsecurity/crowdsec@v1.6.1/pkg/parser/tests/base-json-extract/base-grok2.yaml

github.com/crowdsecurity/crowdsec@v1.6.1/pkg/parser/tests/base-json-extract/base-grok2.yaml (about)

     1  filter: "evt.Meta.program == 'my_test_prog'"
     2  debug: true
     3  onsuccess: next_stage
     4  name: tests/base-grok
     5  pattern_syntax:
     6    MYCAP3: ".*"
     7  nodes:
     8    - grok:
     9        pattern: ^xxheader %{MYCAP3:extracted_value} trailing stuff$
    10        apply_on: message
    11  statics:
    12    - meta: log_type
    13      value: parsed_testlog
    14    - parsed: extracted_arrayfield_from_object
    15      expression: JsonExtract(evt.Parsed.extracted_array, '[1]')
    16