2020-05-22 16:12:33 +00:00
|
|
|
filter: "evt.Meta.program == 'my_test_prog'"
|
|
|
|
|
debug: true
|
|
|
|
|
onsuccess: next_stage
|
|
|
|
|
name: tests/base-grok
|
|
|
|
|
pattern_syntax:
|
|
|
|
|
MYCAP: ".*"
|
|
|
|
|
nodes:
|
|
|
|
|
- grok:
|
|
|
|
|
pattern: ^xxheader %{MYCAP:extracted_value} trailing stuff$
|
|
|
|
|
apply_on: message
|
|
|
|
|
statics:
|
|
|
|
|
- meta: log_type
|
|
|
|
|
value: parsed_testlog
|
2020-05-23 11:22:43 +00:00
|
|
|
- parsed: extracted_arrayfield_from_object
|
|
|
|
|
expression: JsonExtract(evt.Parsed.extracted_array, '[1]')
|
2020-05-22 16:12:33 +00:00
|
|
|
|
