# Only events whose line label `type` equals 'testlog' satisfy this filter expression.
filter: "evt.Line.Labels.type == 'testlog'"
# Debug output is switched on for this definition.
# NOTE(review): presumably this makes the parser log the events it handles, which would
# copy raw log content into the debug log; keep it off outside test fixtures. Confirm.
debug: true
# What happens after a successful match: going by the value, the event moves on to the
# next stage. Confirm the exact semantics against the parser documentation.
onsuccess: next_stage
# Identifier of this parser definition; the `tests/` prefix suggests a test fixture
# rather than a deployed parser.
name: tests/base-grok
# External data this definition depends on: each entry names a download URL, the local
# file it is stored in, and the kind of content.
data:
# Placeholder download location for the string list.
# NOTE(review): `invalid.com` is an ordinary registrable domain, not a reserved name; only
# the `.invalid` TLD and `example.com`/`.net`/`.org` are reserved (RFC 2606). If the loader
# ever fetches this URL, the list content is controlled by whoever holds that domain.
# A reserved name keeps the fixture inert.
- source_url: https://invalid.com/test.list
# Local file for the fetched list; the same path is read by the File(...) lookup in the
# is_it_in_file expression.
# NOTE(review): the path is relative, so where it resolves depends on the loader's data
# or working directory. Confirm.
dest_file: ./sample_strings.txt
# Declares the data file as string content (presumably one literal entry per line,
# compared exactly rather than as a regular expression). Confirm.
type: string
# Locally defined grok sub-patterns, referenced by name from the grok pattern in this file.
pattern_syntax:
# MYCAP_EXT matches any run of characters, including an empty one. The anchored test
# pattern bounds it, but a parser for real logs should use a narrower character class so
# the capture cannot absorb delimiters or arbitrary attacker-chosen text from the log line.
MYCAP_EXT: ".*"
# Sub-nodes of this definition; a single grok node is listed.
nodes:
# Grok node: a pattern and the event field it is matched against.
- grok:
# Anchored at both ends (^ ... $): the text between "xxheader " and " trailing stuff" is
# captured by MYCAP_EXT under the name extracted_value.
pattern: ^xxheader %{MYCAP_EXT:extracted_value} trailing stuff$
# The pattern runs against Line.Raw, i.e. the unparsed log line. Everything captured from
# it is untrusted input.
apply_on: Line.Raw
# Static assignments; the two entries listed each set one meta field.
statics:
# Sets the meta field log_type to the constant given in `value`.
- meta: log_type
# Fixed label stored in log_type; it does not depend on the log content.
value: parsed_testlog
# Sets the meta field is_it_in_file from the result of the expression that follows.
- meta: is_it_in_file
# The expression tests whether the captured extracted_value is listed in
# ./sample_strings.txt and yields the string "true" or "false". These are strings, not
# booleans, so consumers must compare them as text. The value looked up comes straight
# from the log line.
expression: |-
evt.Parsed.extracted_value in File("./sample_strings.txt") ? "true" : "false"