add a parser unit test using the 'in File(...)' construct

pkg/parser/tests/base-grok-external-data/base-grok.yaml

@@ -0,0 +1,22 @@
+filter: "evt.Line.Labels.type == 'testlog'"
+debug: true
+onsuccess: next_stage
+name: tests/base-grok
+data:
+  - source_url: https://invalid.com/test.list
+    dest_file: ../pkg/parser/tests/sample_strings.txt
+
+pattern_syntax:
+  MYCAP1: ".*"
+nodes:
+  - grok:
+      pattern: ^xxheader %{MYCAP1:extracted_value} trailing stuff$
+      apply_on: Line.Raw
+statics:
+  - meta: log_type
+    value: parsed_testlog
+  - meta: is_it_in_file
+    expression: |-
+      evt.Parsed.extracted_value in File("../pkg/parser/tests/sample_strings.txt") ? "true" : "false"
+
+

pkg/parser/tests/base-grok-external-data/parsers.yaml

@@ -0,0 +1,2 @@
+ - filename: {{.TestDirectory}}/base-grok.yaml
+   stage: s00-raw

pkg/parser/tests/base-grok-external-data/test.yaml

@@ -0,0 +1,32 @@
+#these are the events we input into parser
+lines:
+  - Line:
+      Labels:
+        #this one will be checked by a filter
+        type: testlog
+      Raw: xxheader VALUE1 trailing stuff
+  - Line:
+  #see tricky case : first one is nginx via syslog, the second one is local nginx :)
+      Labels:
+        #this one will be checked by a filter
+        type: testlog
+      Raw: xxheader VALUE2 trailing stuff
+#these are the results we expect from the parser
+results:
+
+  - Meta:
+      log_type: parsed_testlog
+      is_it_in_file: true
+    Parsed:
+      extracted_value: VALUE1
+      
+    Process: true
+    Stage: s00-raw
+  - Meta:
+      log_type: parsed_testlog
+      is_it_in_file: false
+    Parsed:
+      extracted_value: VALUE2
+    Process: true
+    Stage: s00-raw
+

pkg/parser/tests/sample_strings.txt

@@ -0,0 +1,3 @@
+VALUE1
+VALUE3
+RATATA