mirror of
https://github.com/crowdsecurity/crowdsec.git
synced 2025-05-14 13:24:34 +02:00
16 lines
403 B
YAML
16 lines
403 B
YAML
filter: "evt.Meta.program == 'my_test_prog'"
|
|
debug: true
|
|
onsuccess: next_stage
|
|
name: tests/base-grok
|
|
pattern_syntax:
|
|
MYCAP3: ".*"
|
|
nodes:
|
|
- grok:
|
|
pattern: ^xxheader %{MYCAP3:extracted_value} trailing stuff$
|
|
apply_on: message
|
|
statics:
|
|
- meta: log_type
|
|
value: parsed_testlog
|
|
- parsed: extracted_arrayfield_from_object
|
|
expression: JsonExtract(evt.Parsed.extracted_array, '[1]')
|
|
|