Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add new pipeline function "grok_exists" #5699

Merged
merged 3 commits into from Apr 11, 2019

Conversation

@kmerz
Copy link
Member

commented Feb 20, 2019

Description

Prior to this change, a missing grok pattern would
raise a error in the pipeline processor when using the "grok"
function. But the user would like to able to make one rule
which uses a grok pattern dynamicaly depending on if
a grok pattern exists or not.

This change adds a new function "grok_exists" which will
return true or false depending if a grok pattern exists.
Additionally it will make a entry to the graylog-server.log
if the second argument of the function is true and
the pattern was not found.

How Has This Been Tested?

  • Add a grok pattern named "KONRAD"
  • Add a new pipeline rule:
rule "grok exists true"
when
    grok_exists("KONRAD")
then
    debug("grok exists");
end
  • Check that debug log got raised
  • Changed Pattern name and checked that debug log got not raised.

Fixes #5689

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@kmerz kmerz added this to the 3.1.0 milestone Feb 20, 2019

@kmerz kmerz requested review from bernd and kroepke Feb 20, 2019

@kmerz kmerz force-pushed the issue-5689 branch from 04cf58c to 01d7808 Feb 20, 2019

@mpfz0r mpfz0r self-assigned this Mar 28, 2019

@mpfz0r
Copy link
Member

left a comment

Just two questions, other than that, looks great.

Add new pipeline function "grok_exists"
Prior to this change, a missing grok pattern would
raise a error in the pipeline processor when using the "grok"
function. But the user would like to able to make one rule
which uses a grok pattern dynamicaly depending on if
a grok pattern exists or not.

This change adds a new function "grok_exists" which will
return true or false depending if a grok pattern exists.
Additionally it will make a entry to the graylog-server.log
if the second argument of the function is true and
the pattern was not found.

@kmerz kmerz force-pushed the issue-5689 branch from 01d7808 to 417ff14 Apr 10, 2019

kmerz added 2 commits Apr 11, 2019
Fix annotations from @bernd
- Use cache instead of database
- rephrase description
- Add warning to use of log_missing

@bernd bernd removed the request for review from kroepke Apr 11, 2019

@bernd bernd self-assigned this Apr 11, 2019

@mpfz0r
mpfz0r approved these changes Apr 11, 2019
@bernd
bernd approved these changes Apr 11, 2019

@bernd bernd merged commit f4eb4bb into master Apr 11, 2019

4 checks passed

ci-web-linter Jenkins build graylog-pr-linter-check 3533 has succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
graylog-project/pr Jenkins build graylog-project-pr-snapshot 3687 has succeeded
Details
license/cla Contributor License Agreement is signed.
Details

@bernd bernd deleted the issue-5689 branch Apr 11, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.