10_basic.yml
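---
# Runner metadata: this file is marked for stack deployments and not for
# serverless ones. The two flags are nested under `requires`; as flattened
# top-level keys they would leave `requires` empty.
requires:
  stack: true
  serverless: false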
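---
# Fixture: creates the `airlines` index and loads three sample documents.
# NOTE(review): the index name is fixed and teardown deletes it by the same
# name, so run this only against a cluster where an existing `airlines`
# index is not needed.
setup:
  - do:
      indices.create:
        index: airlines
        body:
          mappings:
            properties:
              # Each record is stored as one JSON string in a text field,
              # not as structured sub-fields.
              message:
                type: text
  - do:
      bulk:
        # Make the documents searchable before the test steps run.
        refresh: true
        # Alternating entries: an `index` action, then the document it indexes.
        body:
          - index:
              _index: airlines
          - message: "{\"airline\": \"AAL\", \"responsetime\": 132.2046, \"sourcetype\": \"text-structure-test\", \"time\": 1403481600}"
          - index:
              _index: airlines
          - message: "{\"airline\": \"JZA\", \"responsetime\": 990.4628, \"sourcetype\": \"text-structure-test\", \"time\": 1403481700}"
          - index:
              _index: airlines
          - message: "{\"airline\": \"AAL\", \"responsetime\": 134.2046, \"sourcetype\": \"text-structure-test\", \"time\": 1403481800}"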
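---
# Cleanup: deletes the `airlines` index created in setup so that no test
# data is left behind.
teardown:
  - do:
      indices.delete:
        index: airlines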
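---
# Exercises four text_structure endpoints with the same three sample records;
# the test name only mentions the field structure finder.
"Field structure finder with JSON messages":
  # 1. Analyse the `message` field of the documents indexed in setup.
  - do:
      text_structure.find_field_structure:
        index: airlines
        field: message
        documents_to_sample: 3
        # Upper bound on how long the structure analysis may run.
        timeout: 10s
  - match: { num_lines_analyzed: 3 }
  - match: { num_messages_analyzed: 3 }
  - match: { charset: "UTF-8" }

  # 2. Analyse the same three records passed inline as a list of messages.
  - do:
      text_structure.find_message_structure:
        timeout: 10s
        body:
          messages:
            - "{\"airline\": \"AAL\", \"responsetime\": 132.2046, \"sourcetype\": \"text-structure-test\", \"time\": 1403481600}"
            - "{\"airline\": \"JZA\", \"responsetime\": 990.4628, \"sourcetype\": \"text-structure-test\", \"time\": 1403481700}"
            - "{\"airline\": \"AAL\", \"responsetime\": 134.2046, \"sourcetype\": \"text-structure-test\", \"time\": 1403481800}"
  - match: { num_lines_analyzed: 3 }
  - match: { num_messages_analyzed: 3 }
  - match: { charset: "UTF-8" }

  # 3. Analyse the records sent as the request body itself.
  # `headers` is a sibling of the API call, not one of its parameters.
  - do:
      headers:
        Content-Type: "application/json"
      text_structure.find_structure:
        lines_to_sample: 3
        line_merge_size_limit: 1234
        timeout: 10s
        # presumably the runner serialises each entry as one line of the
        # request text; confirm against the runner in use.
        body:
          - airline: AAL
            responsetime: 132.2046
            sourcetype: text-structure-test
            time: 1403481600
          - airline: JZA
            responsetime: 990.4628
            sourcetype: text-structure-test
            time: 1403481700
          - airline: AAL
            responsetime: 134.2046
            sourcetype: text-structure-test
            time: 1403481800
  - match: { num_lines_analyzed: 3 }
  - match: { num_messages_analyzed: 3 }
  - match: { charset: "UTF-8" }

  # 4. Check a Grok pattern against one matching and one non-matching line.
  - do:
      text_structure.test_grok_pattern:
        body:
          grok_pattern: "%{WORD}.*%{WORD:first_name} %{WORD:last_name}!"
          text:
            - "Hello Dave Roberts!"
            - "this does not match"
  # NOTE(review): in the first text exactly as shown, "Dave" starts at
  # character 6 and "Roberts" at 11, yet the expected offsets are 8 and 13.
  # The original string may contain extra whitespace after "Hello" that was
  # collapsed when this page was rendered; verify against the repository copy.
  - match:
      matches:
        - matched: true
          fields:
            first_name:
              - match: Dave
                offset: 8
                length: 4
            last_name:
              - match: Roberts
                offset: 13
                length: 7
        # Negative case: a non-matching line is reported with no fields.
        - matched: false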