Add failing test for Postfix patterns

thekrakken / java-grok

Simple API that allows you to easily parse logs and other files

http://grok.nflabs.com/

Other

358 stars 152 forks source link

Add failing test for Postfix patterns #67

Closed joschi closed 7 years ago

joschi commented 7 years ago

The Postfix grok patterns have been downloaded from: https://github.com/whyscream/postfix-grok-patterns/blob/f0ec34dcc6250463a30ba2077d8afa89ee1a17a1/postfix.grok

Refs #66 Refs Graylog2/graylog2-server#3949

retoo commented 7 years ago

@joschi you were missing some rules and GROK didn't abort correctly. In case of non named groups it would just have rendered a regexp with 'null' as pattern. (Which is nonsense).

You can fix your case by adding grok.addPatternFromFile("patterns/patterns"); or by manually defining something for the key 'INT'.

My PR https://github.com/thekrakken/java-grok/issues/69 improves the error messages in these cases.

joschi commented 7 years ago

@retoo Great, thanks for finding this!

joschi commented 7 years ago

Fixed by #69.