crowdsec/pkg/parser/tests/base-json-extract/base-grok.yaml

filter: "evt.Line.Labels.type == 'json-1'"
debug: true
onsuccess: next_stage
name: tests/base-json-extract
statics:
  - parsed: message
    expression: JsonExtract(evt.Line.Raw, "log")
  - meta: other_field
    expression: JsonExtract(evt.Line.Raw, "testfield")
  - meta: program
    expression: evt.Line.Labels.progrname
  - parsed: extracted_array
    expression: JsonExtract(evt.Line.Raw, "nested_1.anarray")
  - parsed: extracted_array_field
    expression: JsonExtract(evt.Line.Raw, "nested_1.anarray[0]")
add json support via expr helpers 2020-05-22 16:12:33 +00:00			`filter: "evt.Line.Labels.type == 'json-1'"`
			`debug: true`
			`onsuccess: next_stage`
			`name: tests/base-json-extract`
			`statics:`
			`- parsed: message`
			`expression: JsonExtract(evt.Line.Raw, "log")`
			`- meta: other_field`
			`expression: JsonExtract(evt.Line.Raw, "testfield")`
			`- meta: program`
			`expression: evt.Line.Labels.progrname`
working tests for json 2020-05-23 11:22:43 +00:00			`- parsed: extracted_array`
			`expression: JsonExtract(evt.Line.Raw, "nested_1.anarray")`
			`- parsed: extracted_array_field`
			`expression: JsonExtract(evt.Line.Raw, "nested_1.anarray[0]")`
add json support via expr helpers 2020-05-22 16:12:33 +00:00