search

aquasecurity / tracee

Linux Runtime Security and Forensics using eBPF
https://aquasecurity.github.io/tracee/latest
Apache License 2.0
3.64k stars 421 forks source link

No SPRIG Functions useable in output: gotemplate #4363

Open HenrikWittemeier opened 1 month ago

HenrikWittemeier commented 1 month ago

Description

I try to change the output format of the Tracee events. Therefore i need the usage of Sprig functions which should be possible according to the Documentation https://github.com/aquasecurity/tracee/blob/ab6344fe82ce2d0f631ccea606f851864f09dc31/docs/docs/outputs/output-formats.md?plain=1#L114 But even if i choose an example goTemplate for parsing:


values.yml
configFile: |-
  output:
    gotemplate:
      template: /tracee/templates/rawjson.tmpl
      files:
        - stdout

I get following error:

Error: printer.(*templateEventPrinter).Init: template: rawjson.tmpl:1: function "toJson" not defined

Output of tracee version:

Tracee Version v0.22.0

Output of uname -a:

Linux tracee-hqmbk 6.8.0-45-generic #45-Ubuntu SMP PREEMPT_DYNAMIC Fri Aug 30 12:02:04 UTC 2024 x86_64 GNU/Linux

Thank you your great support :1st_place_medal:

rscampos commented 1 month ago

@HenrikWittemeier thank you to report this... will have a look on this as soon as possible