groktest

command module

v0.0.0-...-45b6f88 Latest Latest Go to latest Published: May 21, 2022 License: BSD-3-Clause Imports: 17 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kortschak/groktest

Links

Open Source Insights

README ¶

`groktest`

The groktest command provides a command line interface for quickly testing Elasticsearch ingest pipeline grok processors.

groktest requires that the grok tool be in your $PATH. grok can be installed using your preferred package manager, for example apt install grok or brew install grok.

Example

Grab a grok processor fragment from a pipeline.

grok:
  patterns:
  - "%{IPV4:net.ip:ip}/%{MASK:net.cidr:int}"
  - "%{IPV6:net.ip:ip}/%{MASK:net.cidr:int}"
  pattern_definitions:
    MASK: "[0-9]+"

and a file to examine

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever

Then either run as one shot which will get all the matches.

$ groktest -grok ip4.yaml -in addr.text
{ "@LINE": "    inet 127.0.0.1\/8 scope host lo", "@MATCH": "127.0.0.1\/8", "IPV4:net_ip_ip": "127.0.0.1", "MASK:net_cidr_int": "8" }
{ "@LINE": "    inet6 ::1\/128 scope host ", "@MATCH": "::1\/128", "IPV6:net_ip_ip": "::1", "MASK:net_cidr_int": "128" }

or run the program requiring that all lines match

$ groktest -grok ip4.yaml -in addr.text -all
no match: 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
no match:     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
{ "@LINE": "    inet 127.0.0.1\/8 scope host lo", "@MATCH": "127.0.0.1\/8", "IPV4:net_ip_ip": "127.0.0.1", "MASK:net_cidr_int": "8" }
no match:        valid_lft forever preferred_lft forever
{ "@LINE": "    inet6 ::1\/128 scope host ", "@MATCH": "::1\/128", "IPV6:net_ip_ip": "::1", "MASK:net_cidr_int": "128" }
no match:        valid_lft forever preferred_lft forever
2022/04/22 18:14:03 grok failed: failed to match all inputs
exit status 1

which will give a non-zero exit status for any mismatch and will highlight lines that do not match.

To avoid having to cut text from a pipeline, it is possible to specify a line in a pipeline description like so, groktest -grok file.yaml:<line>. The specified line must be the first line of the grok processor.

Note

Semantics are partially retained, but are mangled to prevent truncation by grok, for example above IPV6:net.ip:ip becomes IPV6:net_ip_ip. This may change in future. The output format is subject to change and should not be relied upon.

The underlying grok implementation does not support multi-line matching, so while groktest won't choke on grok processors that contain multi-line patterns, the results will not include matches over lines.

Documentation ¶

Overview ¶

The groktest command provides a command line interface for quickly testing Elasticsearch ingest pipeline grok processors.

Source Files ¶

View all Source files

main.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL