24 lines
535 B
YAML
24 lines
535 B
YAML
filter: "evt.Line.Labels.type == 'testlog'"
|
|
debug: true
|
|
onsuccess: next_stage
|
|
name: tests/base-grok
|
|
data:
|
|
- source_url: https://invalid.com/test.list
|
|
dest_file: ./sample_strings.txt
|
|
type: string
|
|
|
|
pattern_syntax:
|
|
MYCAP_EXT: ".*"
|
|
nodes:
|
|
- grok:
|
|
pattern: ^xxheader %{MYCAP_EXT:extracted_value} trailing stuff$
|
|
apply_on: Line.Raw
|
|
statics:
|
|
- meta: log_type
|
|
value: parsed_testlog
|
|
- meta: is_it_in_file
|
|
expression: |-
|
|
evt.Parsed.extracted_value in File("./sample_strings.txt") ? "true" : "false"
|
|
|
|
|