From d60fd599de1086920ae0468e0b4e7c1399edc98e Mon Sep 17 00:00:00 2001
From: Isha Shree
Date: Tue, 31 Mar 2026 19:37:13 +0000
Subject: [PATCH] dummy commit for parser validation
---
 README.md | 2 +
 .../DUMMY_LOGTYPE/cbn/dummy_logtype.conf | 84 +++++++++++++++++++
 .../community/DUMMY_LOGTYPE/cbn/metadata.json | 7 ++
 .../testdata/expected_events/test_events.json | 38 +++++++++
 .../expected_events/usecase1_events.json | 38 +++++++++
 .../cbn/testdata/raw_logs/test_log.json | 6 ++
 .../cbn/testdata/raw_logs/usecase1_log.json | 6 ++
 docs/contributing.md | 2 +
 8 files changed, 183 insertions(+)
 create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
 create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
 create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
 create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
 create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
 create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
diff --git a/README.md b/README.md
index a7b30f535..c5075e8be 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,8 @@
 > **Note:** At this time, only response integration and playbook content is supported via this contribution
 > workflow. We expect to expand support to other critical content types in the near future.
+
+
 👋 Hello and welcome!
 This repository is the central hub for a wide array of community-contributed content intended to
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
new file mode 100644
index 000000000..5a2eb8d06
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
@@ -0,0 +1,84 @@
+filter {
+ mutate {
+ replace => {
+ "event_data" => ""
+ "productlogid" => ""
+ "kv_msg" => ""
+ "msg" => ""
+ "deviceCustomDate1" => ""
+ "rt" => ""
+ }
+ }
+
+ grok {
+ match => {
+ "message" => [
+ "%{GREEDYDATA:event_data} \\| %{GREEDYDATA:kv_msg}"
+ ]
+ }
+ overwrite => ["event_data" ,"msg" ,"kv_msg"]
+ on_error => "grok_failure"
+ }
+
+ mutate {
+ gsub => ["kv_msg", " ([a-zA-Z0-9]+=)","#$1"]
+ }
+
+ kv {
+ source => "kv_msg"
+ field_split => "#"
+ value_split => "="
+ on_error => "kv_failure"
+ }
+
+ mutate {
+ replace => {
+ "event_type" => "GENERIC_EVENT"
+ }
+ }
+
+ if [msg] != "" {
+ mutate {
+ replace => {
+ "msg_label.value.string_value" => "%{msg}"
+ }
+ on_error => "msg_empty"
+ }
+ if ![msg_empty] {
+ mutate {
+ replace => {
+ "msg_label.key" => "msg"
+ }
+ }
+ mutate {
+ merge => {
+ "event.idm.read_only_udm.additional.fields" => "msg_label"
+ }
+ on_error => "msg_label_empty"
+ }
+ }
+ }
+
+ if [event_data] != "" {
+ mutate {
+ replace => {
+ "event.idm.read_only_udm.metadata.description" => "%{event_data}"
+ }
+ on_error => "event_data_empty"
+ }
+ }
+
+ mutate {
+ rename => {
+ "event_type" => "event.idm.read_only_udm.metadata.event_type"
+ }
+ }
+
+ mutate {
+ merge => {
+ "@output" => "event"
+ }
+ }
+
+}
+
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
new file mode 100644
index 000000000..bf0219796
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
@@ -0,0 +1,7 @@
+{
+ "product": "DUMMY Product",
+ "vendor": "Test Vendor",
+ "description": "Some sort of product from this vendorr.",
+ "log_type": "DUMMY_LOGTYPE",
+ "verified": true
+}
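Review bot: The `on_error => "grok_failure"` and `on_error => "kv_failure"` flags set in the grok and kv blocks are never tested anywhere in the filter, so a line that lacks the ` | ` delimiter still reaches the final `merge` and is emitted as a GENERIC_EVENT with an empty description and no signal that parsing failed. Adding `if [grok_failure] { drop { tag => "TAG_UNSUPPORTED" } }` directly after the grok block (and the equivalent check for `kv_failure` after the kv block) would route unparsed lines into the parser's error accounting instead of silently producing empty events. A second point: `field_split => "#"` also splits on any `#` that is already present in the message text (a ticket number inside `msg=`, for example), because the preceding gsub only inserts `#` before ` key=` tokens and does not escape existing ones, so a separator that cannot occur in the source text would be safer. The `productlogid`, `deviceCustomDate1` and `rt` fields are initialised to `""` but never read or written afterwards, and `msg` in the `overwrite` list is not a grok capture, so those entries can be dropped or a comment should say why they are kept.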
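Review bot: `"description": "Some sort of product from this vendorr."` has a typo; it should read `"description": "Some sort of product from this vendor."`. The file also sets `"verified": true` for content whose commit subject calls it a dummy parser for validation; if that flag is read by tooling or surfaced to users, it is worth confirming that placeholder content is meant to carry it.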
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
new file mode 100644
index 000000000..2d2da07d1
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
@@ -0,0 +1,38 @@
+{
+ "events": [
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:31."
+ }
+ }
+ }
+ }
+ },
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:32."
+ }
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
new file mode 100644
index 000000000..2d2da07d1
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
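Review bot: `expected_events/test_events.json` and `expected_events/usecase1_events.json` are byte-identical (both `index` lines carry blob `2d2da07d1`), and the same holds for the two raw-log files (`c5dd6dfa0`), so the `usecase1` pair adds no coverage beyond the `test` pair; either give it a distinct input and expectation or remove it. The expected `timestamp` and `metadata.event_timestamp` values (`2021-03-23T08:20:27.863384Z`) are not produced by anything in `dummy_logtype.conf`, which never sets an event timestamp, so they presumably come from the test harness — a short comment at the top of the parser config saying where these values originate would save the next contributor from hunting for a timestamp extraction that does not exist. The `"event" : {` spelling (space before the colon) differs from every other key in the file and would be normalised by any JSON pretty-printer, so `"event": {` is the consistent form.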
@@ -0,0 +1,38 @@
+{
+ "events": [
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:31."
+ }
+ }
+ }
+ }
+ },
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:32."
+ }
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
new file mode 100644
index 000000000..c5dd6dfa0
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
@@ -0,0 +1,6 @@
+{
+ "raw_logs": [
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32."
+ ]
+}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
new file mode 100644
index 000000000..c5dd6dfa0
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
@@ -0,0 +1,6 @@
+{
+ "raw_logs": [
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32."
+ ]
+}
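Review bot: Both entries in `raw_logs/test_log.json` (and the identical `raw_logs/usecase1_log.json`) exercise only the happy path — a message containing the ` | ` delimiter and a single `msg=` pair — so the grok-failure path, a message with several `key=value` pairs, and a value containing a literal `#` (which the kv `field_split` in `dummy_logtype.conf` would treat as a separator) are never covered. Adding one line without the delimiter and one with an additional `key=value` pair, each with a matching expected event, would pin how the parser behaves on input it does not fully recognise rather than leaving that behaviour undefined by the test set.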
diff --git a/docs/contributing.md b/docs/contributing.md
index 1cc5d87df..31e307039 100644
--- a/docs/contributing.md
+++ b/docs/contributing.md
@@ -53,6 +53,8 @@ with your changes to the main repository's main branch.
 ### Code Reviews
+
+
 All submissions, including submissions by project members, require review. We use [GitHub pull requests](https://docs.github.com/articles/about-pull-requests) for this purpose.