A note for the community
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Problem
Discovered an issue with parse_groks:
> vector --version
vector 0.24.1 (x86_64-apple-darwin 8935681 2022-09-12)
> vector vrl
...
$ parse_groks!("4127 Register", ["%{NUMBER:.zeek.sip.sequence.number}"])
function call error for "parse_groks" at (0:70): unable to parse grok: value does not match any rule
$ parse_grok!("4127 Register", "%{NUMBER:.zeek.sip.sequence.number}")
{ ".zeek.sip.sequence.number": "4127" }
I believe parse_grok was migrated internally to call parse_groks with a single [pattern], so this seems like a bug for one to work and not the other. Also, isn't the parse_groks fn supposed to default to nested values, so this should return something like e.g.:
{ ".zeek.": { "sip": {"sequence": { "number": "4127" } } } }
can you please take a look? Thanks!
Configuration
> vector --version
vector 0.24.1 (x86_64-apple-darwin 8935681 2022-09-12)
Version
0.24.1
Debug Output
No response
Example Data
No response
Additional Context
No response
References
No response
A note for the community
Problem
Discovered an issue with
parse_groks:I believe
parse_grokwas migrated internally to callparse_grokswith a single[pattern], so this seems like a bug for one to work and not the other. Also, isn't the parse_groks fn supposed to default to nested values, so this should return something like e.g.:can you please take a look? Thanks!
Configuration
Version
0.24.1
Debug Output
No response
Example Data
No response
Additional Context
No response
References
No response