mirrors/crowdsec
1
0
Fork 0
mirror of https://github.com/crowdsecurity/crowdsec.git synced 2025-05-14 05:14:06 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
crowdsec/pkg/parser/tests/base-json-extract/base-grok.yaml
Thibault bui Koechlin d601e21afb working tests for json
2020-05-23 13:22:43 +02:00

17 lines
517 B
YAML
Raw Permalink Blame History

filter: "evt.Line.Labels.type == 'json-1'"
debug: true
onsuccess: next_stage
name: tests/base-json-extract
statics:
- parsed: message
expression: JsonExtract(evt.Line.Raw, "log")
- meta: other_field
expression: JsonExtract(evt.Line.Raw, "testfield")
- meta: program
expression: evt.Line.Labels.progrname
- parsed: extracted_array
expression: JsonExtract(evt.Line.Raw, "nested_1.anarray")
- parsed: extracted_array_field
expression: JsonExtract(evt.Line.Raw, "nested_1.anarray[0]")
Reference in a new issue View git blame Copy permalink