search

logstash-plugins / logstash-filter-grok

Grok plugin to parse unstructured (log) data into something structured.
https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html
Apache License 2.0
122 stars 97 forks source link

[Test Failure] Syslog grok tests are failing on Logstash 8.x #178

Open robbavey opened 2 years ago

robbavey commented 2 years ago

A number of syslog specs are failing on Logstash 8.x: 

logstash_1_4ac9a179a5f3 |   1) LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug - - [id1 foo="bar"] No process ID. groks
logstash_1_4ac9a179a5f3 |      Failure/Error: expect( event.get("syslog5424_pri") ).to eql "191"
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        expected: "191"
logstash_1_4ac9a179a5f3 |             got: nil
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        (compared using eql?)
logstash_1_4ac9a179a5f3 |      # ./spec/filters/grok_spec.rb:97:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 |   2) LogStash::Filters::Grok ietf 5424 syslog line <30>1 2014-04-04T16:44:07+02:00 osctrl01 - 8048 - -  Appname is nil groks
logstash_1_4ac9a179a5f3 |      Failure/Error: expect( event.get("syslog5424_pri") ).to eql "30"
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        expected: "30"
logstash_1_4ac9a179a5f3 |             got: nil
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        (compared using eql?)
logstash_1_4ac9a179a5f3 |      # ./spec/filters/grok_spec.rb:178:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 |   3) LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug - - - No PID or SD. groks
logstash_1_4ac9a179a5f3 |      Failure/Error: expect( event.get("syslog5424_pri") ).to eql "191"
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        expected: "191"
logstash_1_4ac9a179a5f3 |             got: nil
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        (compared using eql?)
logstash_1_4ac9a179a5f3 |      # ./spec/filters/grok_spec.rb:123:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 |   4) LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - - No structured data. groks
logstash_1_4ac9a179a5f3 |      Failure/Error: expect( event.get("syslog5424_pri") ).to eql "191"
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        expected: "191"
logstash_1_4ac9a179a5f3 |             got: nil
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        (compared using eql?)
logstash_1_4ac9a179a5f3 |      # ./spec/filters/grok_spec.rb:110:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 |   5) LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - [id1 foo="bar"][id2 baz="something"] Hello, syslog. groks
logstash_1_4ac9a179a5f3 |      Failure/Error: expect( event.get("syslog5424_pri") ).to eql "191"
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        expected: "191"
logstash_1_4ac9a179a5f3 |             got: nil
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        (compared using eql?)
logstash_1_4ac9a179a5f3 |      # ./spec/filters/grok_spec.rb:84:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 |   6) LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug  4123 - - Additional spaces. groks
logstash_1_4ac9a179a5f3 |      Failure/Error: expect( event.get("syslog5424_app") ).to eql "grokdebug"
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        expected: "grokdebug"
logstash_1_4ac9a179a5f3 |             got: nil
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        (compared using eql?)
logstash_1_4ac9a179a5f3 |      # ./spec/filters/grok_spec.rb:146:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 |   7) LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug  4123 -  Additional spaces and missing SD. groks
logstash_1_4ac9a179a5f3 |      Failure/Error: expect( event.get("syslog5424_app") ).to eql "grokdebug"
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        expected: "grokdebug"
logstash_1_4ac9a179a5f3 |             got: nil
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        (compared using eql?)
logstash_1_4ac9a179a5f3 |      # ./spec/filters/grok_spec.rb:156:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 |   8) LogStash::Filters::Grok ietf 5424 syslog line <30>1 2014-04-04T16:44:07+02:00 osctrl01 dnsmasq-dhcp 8048 - -  Appname contains a dash groks
logstash_1_4ac9a179a5f3 |      Failure/Error: expect( event.get("syslog5424_pri") ).to eql "30"
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        expected: "30"
logstash_1_4ac9a179a5f3 |             got: nil
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        (compared using eql?)
logstash_1_4ac9a179a5f3 |      # ./spec/filters/grok_spec.rb:165:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 |   9) LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 -  Missing structured data. groks
logstash_1_4ac9a179a5f3 |      Failure/Error: expect( event.get("syslog5424_proc") ).to eql '4123'
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        expected: "4123"
logstash_1_4ac9a179a5f3 |             got: nil
logstash_1_4ac9a179a5f3 |      
logstash_1_4ac9a179a5f3 |        (compared using eql?)
logstash_1_4ac9a179a5f3 |      # ./spec/filters/grok_spec.rb:137:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 |   10) LogStash::Filters::Grok simple syslog line matches pattern
logstash_1_4ac9a179a5f3 |       Failure/Error: expect( event.get("logsource") ).to eql "evita"
logstash_1_4ac9a179a5f3 |       
logstash_1_4ac9a179a5f3 |         expected: "evita"
logstash_1_4ac9a179a5f3 |              got: nil
logstash_1_4ac9a179a5f3 |       
logstash_1_4ac9a179a5f3 |         (compared using eql?)
logstash_1_4ac9a179a5f3 |       # ./spec/filters/grok_spec.rb:34:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 |   11) LogStash::Filters::Grok simple syslog line with target matches pattern
logstash_1_4ac9a179a5f3 |       Failure/Error: expect( event.get("[grok][pid]") ).to eql "1713"
logstash_1_4ac9a179a5f3 |       
logstash_1_4ac9a179a5f3 |         expected: "1713"
logstash_1_4ac9a179a5f3 |              got: nil
logstash_1_4ac9a179a5f3 |       
logstash_1_4ac9a179a5f3 |         (compared using eql?)
logstash_1_4ac9a179a5f3 |       # ./spec/filters/grok_spec.rb:62:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 |   12) LogStash::Filters::Grok simple syslog line with [deep] target matches pattern
logstash_1_4ac9a179a5f3 |       Failure/Error: expect( event.get("[@metadata][grok][logsource]") ).to eql "evita"
logstash_1_4ac9a179a5f3 |       
logstash_1_4ac9a179a5f3 |         expected: "evita"
logstash_1_4ac9a179a5f3 |              got: nil
logstash_1_4ac9a179a5f3 |       
logstash_1_4ac9a179a5f3 |         (compared using eql?)
logstash_1_4ac9a179a5f3 |       # ./spec/filters/grok_spec.rb:73:in `block in <main>'
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 | Finished in 1 minute 52.28 seconds (files took 11.59 seconds to load)
logstash_1_4ac9a179a5f3 | 105 examples, 12 failures
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 | Failed examples:
logstash_1_4ac9a179a5f3 | 
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:95 # LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug - - [id1 foo="bar"] No process ID. groks
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:176 # LogStash::Filters::Grok ietf 5424 syslog line <30>1 2014-04-04T16:44:07+02:00 osctrl01 - 8048 - -  Appname is nil groks
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:121 # LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug - - - No PID or SD. groks
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:108 # LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - - No structured data. groks
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:82 # LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - [id1 foo="bar"][id2 baz="something"] Hello, syslog. groks
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:143 # LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug  4123 - - Additional spaces. groks
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:153 # LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug  4123 -  Additional spaces and missing SD. groks
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:163 # LogStash::Filters::Grok ietf 5424 syslog line <30>1 2014-04-04T16:44:07+02:00 osctrl01 dnsmasq-dhcp 8048 - -  Appname contains a dash groks
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:134 # LogStash::Filters::Grok ietf 5424 syslog line <191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 -  Missing structured data. groks
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:32 # LogStash::Filters::Grok simple syslog line matches pattern
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:56 # LogStash::Filters::Grok simple syslog line with target matches pattern
logstash_1_4ac9a179a5f3 | rspec ./spec/filters/grok_spec.rb:69 # LogStash::Filters::Grok simple syslog line with [deep] target matches pattern

Example Failure: https://app.travis-ci.com/github/logstash-plugins/logstash-filter-grok/jobs/570386701