Closed cryptix closed 9 years ago
Okay so I ran into this as well and narrowed it down to https://github.com/strace/sequence/blob/cdf9721c45774d990e7222bedc7cb303140c2cd3/scanner.go#L276-L280
Because the scanner runs out of tokens, that block of code never runs if the %time%
field is the last field in the log line.
You can demonstrate this by adding another token to the end of the line, and it starts working :-1:
I don't understand the scanner that well so not sure as to the best fix, sorry
So @alexzorin is correct. The scanner ran out of tokens to evaluate so never got to the the leaf of the timeFSM. I added a check before returning the final token to see if the last token is a time token.
Also added these messages to both scanner_test.go and parser_test.go for future testing.
Thanks for checking this out and reporting the bug!
Hi,
do you have an idea why these rules don't match these messages?
the rules work perfectly, except for the
%time%
at the end.