github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-04-24 06:37:19 -04:00
Code Issues Projects Releases Packages Wiki Activity

- Convert test/logstash/filters/test_grok.rb to the new rspec/logstash

Browse source 
config sample tests (LOGSTASH-579)
This commit is contained in:
Jordan Sissel 2012-08-31 02:48:13 -04:00
parent 500c1fc620
commit 87d9295313
1 changed files with 172 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

172
spec/filters/grok.rb Normal file
View file

@ -0,0 +1,172 @@
require "test_utils"
require "logstash/filters/grok"
describe LogStash::Filters::Grok do
extend LogStash::RSpec
describe "simple syslog line" do
# The logstash config goes here.
# At this time, only filters are supported.
config <<-CONFIG
filter {
grok {
pattern => "%{SYSLOGLINE}"
singles => true
}
}
CONFIG
sample "Mar 16 00:01:25 evita postfix/smtpd[1713]: connect from camomile.cloud9.net[168.100.1.3]" do
reject { subject["@tags"] }.include?("_grokparsefailure")
insist { subject["logsource"] } == "evita"
insist { subject["timestamp"] } == "Mar 16 00:01:25"
insist { subject["message"] } == "connect from camomile.cloud9.net[168.100.1.3]"
insist { subject["program"] } == "postfix/smtpd"
insist { subject["pid"] } == "1713"
end
end
describe "parsing an event with multiple messages (array of strings)" do
config <<-CONFIG
filter {
grok {
pattern => "(?:hello|world) %{NUMBER}"
named_captures_only => false
}
}
CONFIG
sample({ "@message" => [ "hello 12345", "world 23456" ] }) do
insist { subject["NUMBER"] } == [ "12345", "23456" ]
end
end
describe "coercing matched values" do
config <<-CONFIG
filter {
grok {
pattern => "%{NUMBER:foo:int} %{NUMBER:bar:float}"
singles => true
}
}
CONFIG
sample "400 454.33" do
insist { subject["foo"] } == 400
insist { subject["foo"] }.is_a?(Fixnum)
insist { subject["bar"] } == 454.33
insist { subject["bar"] }.is_a?(Float)
end
end
describe "in-line pattern definitions" do
config <<-CONFIG
filter {
grok {
pattern => "%{FIZZLE=\\d+}"
named_captures_only => false
singles => true
}
}
CONFIG
sample "hello 1234" do
insist { subject["FIZZLE"] } == "1234"
end
end
describe "processing fields other than @message" do
config <<-CONFIG
filter {
grok {
pattern => "%{WORD:word}"
match => [ "examplefield", "%{NUMBER:num}" ]
break_on_match => false
singles => true
}
}
CONFIG
sample({ "@message" => "hello world", "@fields" => { "examplefield" => "12345" } }) do
insist { subject["examplefield"] } == "12345"
insist { subject["word"] } == "hello"
end
end
describe "adding fields on match" do
config <<-CONFIG
filter {
grok {
pattern => "matchme %{NUMBER:fancy}"
singles => true
add_field => [ "new_field", "%{fancy}" ]
}
}
CONFIG
sample "matchme 1234" do
reject { subject["@tags"] }.include?("_grokparsefailure")
insist { subject["new_field"] } == ["1234"]
end
sample "this will not be matched" do
insist { subject["@tags"] }.include?("_grokparsefailure")
reject { subject }.include?("new_field")
end
end
context "empty fields" do
describe "drop by default" do
config <<-CONFIG
filter {
grok {
pattern => "1=%{WORD:foo1} *(2=%{WORD:foo2})?"
}
}
CONFIG
sample "1=test" do
reject { subject["@tags"] }.include?("_grokparsefailure")
insist { subject }.include?("foo1")
# Since 'foo2' was not captured, it must not be present in the event.
reject { subject }.include?("foo2")
end
end
describe "keep if keep_empty_captures is true" do
config <<-CONFIG
filter {
grok {
pattern => "1=%{WORD:foo1} *(2=%{WORD:foo2})?"
keep_empty_captures => true
}
}
CONFIG
sample "1=test" do
reject { subject["@tags"] }.include?("_grokparsefailure")
insist { subject }.include?("foo1")
insist { subject }.include?("foo2")
end
end
end
describe "when named_captures_only == false" do
config <<-CONFIG
filter {
grok {
pattern => "Hello %{WORD}. %{WORD:foo}"
named_captures_only => false
}
}
CONFIG
sample "Hello World, yo!" do
insist { subject }.include?("WORD")
insist { subject["WORD"] } == "World"
insist { subject }.include?("foo")
insist { subject["foo"] } == "yo"
end
end
end