Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Flatten grok pattern result when applied with OR #5749

Merged
merged 2 commits into from Mar 21, 2019
Merged

Flatten grok pattern result when applied with OR #5749

merged 2 commits into from Mar 21, 2019

Conversation

@kmerz
Copy link
Member

@kmerz kmerz commented Mar 6, 2019

Description

Prior to this change, a named grok pattern containing a OR like

(%{INT:login}|%{WORD:login}})

would result in array like

[null, found]

This change will flatten the result (remove the null) and
only print the single left value instead of the array like
syntax:

found.

Fixes: #4773

How Has This Been Tested?

  • Add first grok pattern {name: "TEST1", pattern: "test1"}
  • Add second pattern {name; "TEST2", pattern: "test2"}
  • Add a extractor using the patterns: (%{TEST1:found}|%{TEST2:found})
  • Send a gelf message containing a message containing test1
  • Look that extractor result is found: test1
  • Send a gelf message containing a message containing test2
  • Look that extractor result is found: test2

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
@kmerz kmerz added this to the 3.1.0 milestone Mar 6, 2019
@kmerz kmerz requested a review from bernd Mar 6, 2019
kmerz and others added 2 commits Mar 21, 2019
Prior to this change, a named grok pattern containing a OR like

`(%{INT:login}|%{WORD:login}})`

would result in array like

`[null, found]`

This change will flatten the result (remove the null) and
only print the single left value instead of the array like
syntax:

`found`.
This checks that extractors actually use ".captureFlattened()".
bernd
bernd approved these changes Mar 21, 2019
@bernd bernd merged commit df01d7d into master Mar 21, 2019
3 of 4 checks passed
@bernd bernd deleted the issue-4773 branch Mar 21, 2019
kmerz added a commit that referenced this issue Mar 21, 2019
* Flatten grok pattern result when applied with OR

Prior to this change, a named grok pattern containing a OR like

`(%{INT:login}|%{WORD:login}})`

would result in array like

`[null, found]`

This change will flatten the result (remove the null) and
only print the single left value instead of the array like
syntax:

`found`.

* Add test for issue #4773

This checks that extractors actually use ".captureFlattened()".
bernd added a commit that referenced this issue Mar 21, 2019
* Flatten grok pattern result when applied with OR

Prior to this change, a named grok pattern containing a OR like

`(%{INT:login}|%{WORD:login}})`

would result in array like

`[null, found]`

This change will flatten the result (remove the null) and
only print the single left value instead of the array like
syntax:

`found`.

* Add test for issue #4773

This checks that extractors actually use ".captureFlattened()".
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

2 participants