crowdsec/pkg/parser/tests/base-json-extract/base-grok2.yaml

filter: "evt.Meta.program == 'my_test_prog'"
debug: true
onsuccess: next_stage
name: tests/base-grok
pattern_syntax:
  MYCAP3: ".*"
nodes:
  - grok:
      pattern: ^xxheader %{MYCAP3:extracted_value} trailing stuff$
      apply_on: message
statics:
  - meta: log_type
    value: parsed_testlog
  - parsed: extracted_arrayfield_from_object
    expression: JsonExtract(evt.Parsed.extracted_array, '[1]')
add json support via expr helpers 2020-05-22 16:12:33 +00:00			`filter: "evt.Meta.program == 'my_test_prog'"`
			`debug: true`
			`onsuccess: next_stage`
			`name: tests/base-grok`
			`pattern_syntax:`
unique pattern names 2020-05-24 10:44:33 +00:00			`MYCAP3: ".*"`
add json support via expr helpers 2020-05-22 16:12:33 +00:00			`nodes:`
			`- grok:`
unique pattern names 2020-05-24 10:44:33 +00:00			`pattern: ^xxheader %{MYCAP3:extracted_value} trailing stuff$`
add json support via expr helpers 2020-05-22 16:12:33 +00:00			`apply_on: message`
			`statics:`
			`- meta: log_type`
			`value: parsed_testlog`
working tests for json 2020-05-23 11:22:43 +00:00			`- parsed: extracted_arrayfield_from_object`
			`expression: JsonExtract(evt.Parsed.extracted_array, '[1]')`
add json support via expr helpers 2020-05-22 16:12:33 +00:00