Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Flatten grok pattern result when applied with OR #5749

Merged
merged 2 commits into from Mar 21, 2019

Conversation

Projects
None yet
2 participants
@kmerz
Copy link
Member

kmerz commented Mar 6, 2019

Description

Prior to this change, a named grok pattern containing a OR like

(%{INT:login}|%{WORD:login}})

would result in array like

[null, found]

This change will flatten the result (remove the null) and
only print the single left value instead of the array like
syntax:

found.

Fixes: #4773

How Has This Been Tested?

  • Add first grok pattern {name: "TEST1", pattern: "test1"}
  • Add second pattern {name; "TEST2", pattern: "test2"}
  • Add a extractor using the patterns: (%{TEST1:found}|%{TEST2:found})
  • Send a gelf message containing a message containing test1
  • Look that extractor result is found: test1
  • Send a gelf message containing a message containing test2
  • Look that extractor result is found: test2

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@kmerz kmerz added this to the 3.1.0 milestone Mar 6, 2019

@kmerz kmerz requested a review from bernd Mar 6, 2019

kmerz and others added some commits Mar 6, 2019

Flatten grok pattern result when applied with OR
Prior to this change, a named grok pattern containing a OR like

`(%{INT:login}|%{WORD:login}})`

would result in array like

`[null, found]`

This change will flatten the result (remove the null) and
only print the single left value instead of the array like
syntax:

`found`.
Add test for issue #4773
This checks that extractors actually use ".captureFlattened()".

@bernd bernd force-pushed the issue-4773 branch from 65889a9 to 9ddb0d1 Mar 21, 2019

@bernd

bernd approved these changes Mar 21, 2019

@bernd bernd merged commit df01d7d into master Mar 21, 2019

3 of 4 checks passed

continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
ci-web-linter Jenkins build graylog-pr-linter-check 3478 has succeeded
Details
graylog-project/pr Jenkins build graylog-project-pr-snapshot 3481 has succeeded
Details
license/cla Contributor License Agreement is signed.
Details

@bernd bernd deleted the issue-4773 branch Mar 21, 2019

kmerz added a commit that referenced this pull request Mar 21, 2019

Flatten grok pattern result when applied with OR (#5749)
* Flatten grok pattern result when applied with OR

Prior to this change, a named grok pattern containing a OR like

`(%{INT:login}|%{WORD:login}})`

would result in array like

`[null, found]`

This change will flatten the result (remove the null) and
only print the single left value instead of the array like
syntax:

`found`.

* Add test for issue #4773

This checks that extractors actually use ".captureFlattened()".

bernd added a commit that referenced this pull request Mar 21, 2019

Flatten grok pattern result when applied with OR (#5749) (#5790)
* Flatten grok pattern result when applied with OR

Prior to this change, a named grok pattern containing a OR like

`(%{INT:login}|%{WORD:login}})`

would result in array like

`[null, found]`

This change will flatten the result (remove the null) and
only print the single left value instead of the array like
syntax:

`found`.

* Add test for issue #4773

This checks that extractors actually use ".captureFlattened()".
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.