From 510af3d570e67b112bed83e96f7eb81e6b61f151 Mon Sep 17 00:00:00 2001 
From: Prasoon Birla Date: Thu, 5 Mar 2026 11:40:17 +0530 Subject: [PATCH 01/33] Added test cases --- .../DUMMY_LOGTYPE/cbn/dummy_logtype.conf | 83 +++++++++++++++++++ .../community/DUMMY_LOGTYPE/cbn/metadata.json | 5 ++ .../testdata/expected_events/test_events.json | 38 +++++++++ .../expected_events/usecase1_events.json | 38 +++++++++ .../cbn/testdata/raw_logs/test_log.json | 6 ++ .../cbn/testdata/raw_logs/usecase1_log.json | 6 ++ .../DUMMY_LOGTYPE2/cbn/dummy_logtype2.conf | 83 +++++++++++++++++++ .../DUMMY_LOGTYPE2/cbn/metadata.json | 5 ++ .../testdata/expected_events/test_events.json | 38 +++++++++ .../expected_events/usecase1_events.json | 38 +++++++++ .../cbn/testdata/raw_logs/test_log.json | 6 ++ .../cbn/testdata/raw_logs/usecase1_log.json | 6 ++ 12 files changed, 352 insertions(+) create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype2.conf create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json create mode 100644 
content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
new file mode 100644
index 000000000..a72e91f06
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
@@ -0,0 +1,83 @@
+filter {
+ mutate {
+ replace => {
+ "event_data" => ""
+ "productlogid" => ""
+ "kv_msg" => ""
+ "msg" => ""
+ "deviceCustomDate1" => ""
+ "rt" => ""
+ }
+ }
+
+ grok {
+ match => {
+ "message" => [
+ "%{GREEDYDATA:event_data} \\| %{GREEDYDATA:kv_msg}"
+ ]
+ }
+ overwrite => ["event_data" ,"msg" ,"kv_msg"]
+ on_error => "grok_failure"
+ }
+
+ mutate {
+ gsub => ["kv_msg", " ([a-zA-Z0-9]+=)","#$1"]
+ }
+
+ kv {
+ source => "kv_msg"
+ field_split => "#"
+ value_split => "="
+ on_error => "kv_failure"
+ }
+
+ mutate {
+ replace => {
+ "event_type" => "GENERIC_EVENT"
+ }
+ }
+
+ if [msg] != "" {
+ mutate {
+ replace => {
+ "msg_label.value.string_value" => "%{msg}"
+ }
+ on_error => "msg_empty"
+ }
+ if ![msg_empty] {
+ mutate {
+ replace => {
+ "msg_label.key" => "msg"
+ }
+ }
+ mutate {
+ merge => {
+ "event.idm.read_only_udm.additional.fields" => "msg_label"
+ }
+ on_error => "msg_label_empty"
+ }
+ }
+ }
+
+ if [event_data] != "" {
+ mutate {
+ replace => {
+ "event.idm.read_only_udm.metadata.description" => "%{event_data}"
+ }
+ on_error => "event_data_empty"
+ }
+ }
+
+ mutate {
+ rename => {
+ "event_type" => "event.idm.read_only_udm.metadata.event_type"
+ }
+ }
+
+ mutate {
+ merge => {
+ "@output" => "event"
+ }
+ }
+}
+
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
new file mode 100644
index 000000000..b9a886065
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
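Review bot: The grok block in DUMMY_LOGTYPE/cbn/dummy_logtype.conf records a failed match in `grok_failure`, but nothing later in the filter reads that flag, so a line without the ` | ` separator still reaches the final `merge` into `@output` as a GENERIC_EVENT with no description and no msg. Malformed or unexpected input is then normalized into events that look valid but carry no content, which hides parsing gaps from anyone watching ingestion health. I would stop processing right after the grok block, for example `if [grok_failure] { drop { tag => "TAG_MALFORMED_MESSAGE" } }`. The same filter is added again as DUMMY_LOGTYPE2/cbn/dummy_logtype2.conf later in this patch and as DUMMY_LOGTYPE2/dummy_logtype.conf in patch 11/33, so the check belongs in those copies too.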
@@ -0,0 +1,5 @@
+{
+ "productName": "DUMMY Product",
+ "vendorName": "Test Vendor",
+ "description": "Some sort of product from this vendorrr."
+}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
new file mode 100644
index 000000000..bdfa3f073
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
@@ -0,0 +1,38 @@
+{
+ "events": [
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:33."
+ }
+ }
+ }
+ }
+ },
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:34."
+ }
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
new file mode 100644
index 000000000..bdfa3f073
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
@@ -0,0 +1,38 @@
+{
+ "events": [
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:33."
+ }
+ }
+ }
+ }
+ },
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:34."
+ }
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
new file mode 100644
index 000000000..8e806cd7b
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
@@ -0,0 +1,6 @@
+{
+ "raw_logs": [
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:33."
+ ]
+}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
new file mode 100644
index 000000000..c5dd6dfa0
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
@@ -0,0 +1,6 @@
+{
+ "raw_logs": [
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32."
+ ]
+}
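Review bot: Both raw-log fixtures added for DUMMY_LOGTYPE (test_log.json and usecase1_log.json) contain only well-formed lines of the form `description | msg=...`, so none of the parser's `on_error` paths is exercised by the test data. A parser that handles untrusted log text should have its failure behaviour pinned as well as its happy path. I would add a fixture holding one line with no ` | ` separator and one whose msg text contains an embedded ` name=` token, each with its expected output recorded, so that a change in how malformed input is handled shows up in review.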
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype2.conf b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype2.conf new file mode 100644 index 000000000..a72e91f06 --- /dev/null +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype2.conf @@ -0,0 +1,83 @@ +filter { + mutate { + replace => { + "event_data" => "" + "productlogid" => "" + "kv_msg" => "" + "msg" => "" + "deviceCustomDate1" => "" + "rt" => "" + } + } + + grok { + match => { + "message" => [ + "%{GREEDYDATA:event_data} \\| %{GREEDYDATA:kv_msg}" + ] + } + overwrite => ["event_data" ,"msg" ,"kv_msg"] + on_error => "grok_failure" + } + + mutate { + gsub => ["kv_msg", " ([a-zA-Z0-9]+=)","#$1"] + } + + kv { + source => "kv_msg" + field_split => "#" + value_split => "=" + on_error => "kv_failure" + } + + mutate { + replace => { + "event_type" => "GENERIC_EVENT" + } + } + + if [msg] != "" { + mutate { + replace => { + "msg_label.value.string_value" => "%{msg}" + } + on_error => "msg_empty" + } + if ![msg_empty] { + mutate { + replace => { + "msg_label.key" => "msg" + } + } + mutate { + merge => { + "event.idm.read_only_udm.additional.fields" => "msg_label" + } + on_error => "msg_label_empty" + } + } + } + + if [event_data] != "" { + mutate { + replace => { + "event.idm.read_only_udm.metadata.description" => "%{event_data}" + } + on_error => "event_data_empty" + } + } + + mutate { + rename => { + "event_type" => "event.idm.read_only_udm.metadata.event_type" + } + } + + mutate { + merge => { + "@output" => "event" + } + } +} + diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json new file mode 100644 index 000000000..e05e89211 --- /dev/null +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json 
@@ -0,0 +1,5 @@ +{ + "productName": "DUMMY Product", + "vendorName": "Test Vendor", + "description": "Some sort of product from this vendorrrrrr..." +} diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json new file mode 100644 index 000000000..23b8e3664 --- /dev/null +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json @@ -0,0 +1,38 @@ +{ + "events": [ + { + "event" : { + "timestamp": "2021-03-23T08:20:27.863384Z", + "idm": { + "read_only_udm": { + "metadata": { + "event_timestamp": "2021-03-23T08:20:27.863384Z", + "event_type": "GENERIC_EVENT", + "description": "No New Ingestion Activity" + }, + "additional": { + "msg": "No reports have been ingested since MAR 23 2021 00:18:31." + } + } + } + } + }, + { + "event" : { + "timestamp": "2021-03-23T08:20:27.863384Z", + "idm": { + "read_only_udm": { + "metadata": { + "event_timestamp": "2021-03-23T08:20:27.863384Z", + "event_type": "GENERIC_EVENT", + "description": "No New Ingestion Activity" + }, + "additional": { + "msg": "No reports have been ingested since MAR 23 2021 00:18:33." + } + } + } + } + } + ] +} diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json new file mode 100644 index 000000000..23b8e3664 --- /dev/null +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json 
@@ -0,0 +1,38 @@ +{ + "events": [ + { + "event" : { + "timestamp": "2021-03-23T08:20:27.863384Z", + "idm": { + "read_only_udm": { + "metadata": { + "event_timestamp": "2021-03-23T08:20:27.863384Z", + "event_type": "GENERIC_EVENT", + "description": "No New Ingestion Activity" + }, + "additional": { + "msg": "No reports have been ingested since MAR 23 2021 00:18:31." + } + } + } + } + }, + { + "event" : { + "timestamp": "2021-03-23T08:20:27.863384Z", + "idm": { + "read_only_udm": { + "metadata": { + "event_timestamp": "2021-03-23T08:20:27.863384Z", + "event_type": "GENERIC_EVENT", + "description": "No New Ingestion Activity" + }, + "additional": { + "msg": "No reports have been ingested since MAR 23 2021 00:18:33." + } + } + } + } + } + ] +} diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json new file mode 100644 index 000000000..8e806cd7b --- /dev/null +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json @@ -0,0 +1,6 @@ +{ + "raw_logs": [ + "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.", + "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:33." + ] +} diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json new file mode 100644 index 000000000..8e806cd7b --- /dev/null +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json @@ -0,0 +1,6 @@ +{ + "raw_logs": [ + "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.", + "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:33." + ] +} From 4756c615e466f9b5ef4ccc81b8b2ad7cddac3606 Mon Sep 17 00:00:00 2001 
From: Prasoon Birla Date: Fri, 6 Mar 2026 19:02:14 +0530 Subject: [PATCH 02/33] Testing --- .../third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json index e05e89211..5ad0b5ceb 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json @@ -1,5 +1,5 @@ { "productName": "DUMMY Product", "vendorName": "Test Vendor", - "description": "Some sort of product from this vendorrrrrr..." + "description": "Some sort of product from this vendor." } From 57cda0eee1aa9b9ea98e72c262e4ab4d7cda07b5 Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 6 Mar 2026 19:04:01 +0530 Subject: [PATCH 03/33] Testing --- .../DUMMY_LOGTYPE2/cbn/dummy_logtype2.conf | 83 ------------------- .../DUMMY_LOGTYPE2/cbn/metadata.json | 5 -- .../testdata/expected_events/test_events.json | 38 --------- .../expected_events/usecase1_events.json | 38 --------- .../cbn/testdata/raw_logs/test_log.json | 6 -- .../cbn/testdata/raw_logs/usecase1_log.json | 6 -- 6 files changed, 176 deletions(-) delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype2.conf delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json 
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype2.conf b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype2.conf deleted file mode 100644 index a72e91f06..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype2.conf +++ /dev/null @@ -1,83 +0,0 @@ -filter { - mutate { - replace => { - "event_data" => "" - "productlogid" => "" - "kv_msg" => "" - "msg" => "" - "deviceCustomDate1" => "" - "rt" => "" - } - } - - grok { - match => { - "message" => [ - "%{GREEDYDATA:event_data} \\| %{GREEDYDATA:kv_msg}" - ] - } - overwrite => ["event_data" ,"msg" ,"kv_msg"] - on_error => "grok_failure" - } - - mutate { - gsub => ["kv_msg", " ([a-zA-Z0-9]+=)","#$1"] - } - - kv { - source => "kv_msg" - field_split => "#" - value_split => "=" - on_error => "kv_failure" - } - - mutate { - replace => { - "event_type" => "GENERIC_EVENT" - } - } - - if [msg] != "" { - mutate { - replace => { - "msg_label.value.string_value" => "%{msg}" - } - on_error => "msg_empty" - } - if ![msg_empty] { - mutate { - replace => { - "msg_label.key" => "msg" - } - } - mutate { - merge => { - "event.idm.read_only_udm.additional.fields" => "msg_label" - } - on_error => "msg_label_empty" - } - } - } - - if [event_data] != "" { - mutate { - replace => { - "event.idm.read_only_udm.metadata.description" => "%{event_data}" - } - on_error => "event_data_empty" - } - } - - mutate { - rename => { - "event_type" => "event.idm.read_only_udm.metadata.event_type" - } - } - - mutate { - merge => { - "@output" => "event" - } - } -} - diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json deleted file mode 100644 index 5ad0b5ceb..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json +++ /dev/null 
@@ -1,5 +0,0 @@ -{ - "productName": "DUMMY Product", - "vendorName": "Test Vendor", - "description": "Some sort of product from this vendor." -} diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json deleted file mode 100644 index 23b8e3664..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "events": [ - { - "event" : { - "timestamp": "2021-03-23T08:20:27.863384Z", - "idm": { - "read_only_udm": { - "metadata": { - "event_timestamp": "2021-03-23T08:20:27.863384Z", - "event_type": "GENERIC_EVENT", - "description": "No New Ingestion Activity" - }, - "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:31." - } - } - } - } - }, - { - "event" : { - "timestamp": "2021-03-23T08:20:27.863384Z", - "idm": { - "read_only_udm": { - "metadata": { - "event_timestamp": "2021-03-23T08:20:27.863384Z", - "event_type": "GENERIC_EVENT", - "description": "No New Ingestion Activity" - }, - "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:33." - } - } - } - } - } - ] -} diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json deleted file mode 100644 index 23b8e3664..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json +++ /dev/null 
@@ -1,38 +0,0 @@ -{ - "events": [ - { - "event" : { - "timestamp": "2021-03-23T08:20:27.863384Z", - "idm": { - "read_only_udm": { - "metadata": { - "event_timestamp": "2021-03-23T08:20:27.863384Z", - "event_type": "GENERIC_EVENT", - "description": "No New Ingestion Activity" - }, - "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:31." - } - } - } - } - }, - { - "event" : { - "timestamp": "2021-03-23T08:20:27.863384Z", - "idm": { - "read_only_udm": { - "metadata": { - "event_timestamp": "2021-03-23T08:20:27.863384Z", - "event_type": "GENERIC_EVENT", - "description": "No New Ingestion Activity" - }, - "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:33." - } - } - } - } - } - ] -} diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json deleted file mode 100644 index 8e806cd7b..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "raw_logs": [ - "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.", - "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:33." - ] -} diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json deleted file mode 100644 index 8e806cd7b..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "raw_logs": [ - "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.", - "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:33." - ] -} 
From c0b2dd833c970ca87cfbfb01e0c3bd23e1150bdc Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 6 Mar 2026 19:10:34 +0530 Subject: [PATCH 04/33] klsadjfalk --- .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json index b9a886065..8b37625d2 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json @@ -1,5 +1,5 @@ { "productName": "DUMMY Product", "vendorName": "Test Vendor", - "description": "Some sort of product from this vendorrr." + "description": "Some sort of product from this vendorrrr." } From c61a24fba46ceee1b5736e530fa5eda36d85b34b Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 6 Mar 2026 19:13:35 +0530 Subject: [PATCH 05/33] Update --- .../third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf index a72e91f06..5a2eb8d06 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf @@ -79,5 +79,6 @@ filter { "@output" => "event" } } + } From f22b17b44e9530d8be4b759860b22b6665c50d6a Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 6 Mar 2026 21:00:58 +0530 Subject: [PATCH 06/33] Updated metadata json --- .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json index 8b37625d2..97e01f1f3 100644 
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json @@ -1,5 +1,6 @@ { "productName": "DUMMY Product", "vendorName": "Test Vendor", - "description": "Some sort of product from this vendorrrr." + "description": "Some sort of product from this vendorrrr.", + "logType": "DUMMY_LOGTYPE" } From ae4d96ea3826a02bb5d7494a6851818609e0f0d5 Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 6 Mar 2026 21:02:24 +0530 Subject: [PATCH 07/33] Updated metadata json --- .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json index 97e01f1f3..62a0f5bce 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json @@ -1,6 +1,6 @@ { - "productName": "DUMMY Product", - "vendorName": "Test Vendor", + "product": "DUMMY Product", + "vendor": "Test Vendor", "description": "Some sort of product from this vendorrrr.", "logType": "DUMMY_LOGTYPE" } From 13fb064411373d20889b02941a911512aa9f36cc Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 6 Mar 2026 21:03:28 +0530 Subject: [PATCH 08/33] Updated metadata json --- .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json index 62a0f5bce..20799fb55 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json 
@@ -2,5 +2,6 @@ "product": "DUMMY Product", "vendor": "Test Vendor", "description": "Some sort of product from this vendorrrr.", - "logType": "DUMMY_LOGTYPE" + "logType": "DUMMY_LOGTYPE", + "lkajsdf": "asldkfj" } From fd6387d3344d8348cdac0e0d6dd485f55b826cbf Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 6 Mar 2026 21:04:17 +0530 Subject: [PATCH 09/33] Updated metadata json --- .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json index 20799fb55..dee2641ad 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json @@ -2,6 +2,5 @@ "product": "DUMMY Product", "vendor": "Test Vendor", "description": "Some sort of product from this vendorrrr.", - "logType": "DUMMY_LOGTYPE", - "lkajsdf": "asldkfj" + "logType": "DUMMY_LOGTYPE2" } From 4105982b0d8c6569a6d935efe36ed1dbadc9368f Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 6 Mar 2026 21:04:46 +0530 Subject: [PATCH 10/33] Updated metadata json --- .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json index dee2641ad..1569baab8 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json @@ -1,6 +1,5 @@ { "product": "DUMMY Product", "vendor": "Test Vendor", - "description": "Some sort of product from this vendorrrr.", - "logType": "DUMMY_LOGTYPE2" + "description": "Some sort of product from this vendorrrr." } From 1022c73929329b5ef3d59e8d246986abf499f17d Mon Sep 17 00:00:00 2001 
From: Prasoon Birla Date: Fri, 6 Mar 2026 21:22:39 +0530 Subject: [PATCH 11/33] Updated metadata json --- .../testdata/expected_events/test_events.json | 4 +- .../expected_events/usecase1_events.json | 4 +- .../cbn/testdata/raw_logs/test_log.json | 2 +- .../DUMMY_LOGTYPE2/dummy_logtype.conf | 84 +++++++++++++++++++ .../community/DUMMY_LOGTYPE2/metadata.json | 5 ++ .../testdata/expected_events/test_events.json | 38 +++++++++ .../expected_events/usecase1_events.json | 38 +++++++++ .../testdata/raw_logs/test_log.json | 6 ++ .../testdata/raw_logs/usecase1_log.json | 6 ++ 9 files changed, 182 insertions(+), 5 deletions(-) create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/dummy_logtype.conf create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/test_events.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/usecase1_events.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/test_log.json create mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/usecase1_log.json diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json index bdfa3f073..2d2da07d1 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json @@ -11,7 +11,7 @@ "description": "No New Ingestion Activity" }, "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:33." + "msg": "No reports have been ingested since MAR 23 2021 00:18:31." } } } 
@@ -28,7 +28,7 @@ "description": "No New Ingestion Activity" }, "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:34." + "msg": "No reports have been ingested since MAR 23 2021 00:18:32." } } } diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json index bdfa3f073..2d2da07d1 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json @@ -11,7 +11,7 @@ "description": "No New Ingestion Activity" }, "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:33." + "msg": "No reports have been ingested since MAR 23 2021 00:18:31." } } } @@ -28,7 +28,7 @@ "description": "No New Ingestion Activity" }, "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:34." + "msg": "No reports have been ingested since MAR 23 2021 00:18:32." } } } diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json index 8e806cd7b..c5dd6dfa0 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json @@ -1,6 +1,6 @@ { "raw_logs": [ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.", - "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:33." + "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32." ] } 
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/dummy_logtype.conf b/content/parsers/third_party/community/DUMMY_LOGTYPE2/dummy_logtype.conf
new file mode 100644
index 000000000..5a2eb8d06
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/dummy_logtype.conf
@@ -0,0 +1,84 @@
+filter {
+ mutate {
+ replace => {
+ "event_data" => ""
+ "productlogid" => ""
+ "kv_msg" => ""
+ "msg" => ""
+ "deviceCustomDate1" => ""
+ "rt" => ""
+ }
+ }
+
+ grok {
+ match => {
+ "message" => [
+ "%{GREEDYDATA:event_data} \\| %{GREEDYDATA:kv_msg}"
+ ]
+ }
+ overwrite => ["event_data" ,"msg" ,"kv_msg"]
+ on_error => "grok_failure"
+ }
+
+ mutate {
+ gsub => ["kv_msg", " ([a-zA-Z0-9]+=)","#$1"]
+ }
+
+ kv {
+ source => "kv_msg"
+ field_split => "#"
+ value_split => "="
+ on_error => "kv_failure"
+ }
+
+ mutate {
+ replace => {
+ "event_type" => "GENERIC_EVENT"
+ }
+ }
+
+ if [msg] != "" {
+ mutate {
+ replace => {
+ "msg_label.value.string_value" => "%{msg}"
+ }
+ on_error => "msg_empty"
+ }
+ if ![msg_empty] {
+ mutate {
+ replace => {
+ "msg_label.key" => "msg"
+ }
+ }
+ mutate {
+ merge => {
+ "event.idm.read_only_udm.additional.fields" => "msg_label"
+ }
+ on_error => "msg_label_empty"
+ }
+ }
+ }
+
+ if [event_data] != "" {
+ mutate {
+ replace => {
+ "event.idm.read_only_udm.metadata.description" => "%{event_data}"
+ }
+ on_error => "event_data_empty"
+ }
+ }
+
+ mutate {
+ rename => {
+ "event_type" => "event.idm.read_only_udm.metadata.event_type"
+ }
+ }
+
+ mutate {
+ merge => {
+ "@output" => "event"
+ }
+ }
+
+}
+
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json
new file mode 100644
index 000000000..1569baab8
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json
@@ -0,0 +1,5 @@
+{
+ "product": "DUMMY Product",
+ "vendor": "Test Vendor",
+ "description": "Some sort of product from this vendorrrr."
+}
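Review bot: The `kv` block in DUMMY_LOGTYPE2/dummy_logtype.conf writes every key it finds in the log line into the same namespace as the parser's own working fields, which is why `[msg]` can be read directly afterwards. The preceding `gsub` turns any ` name=` token into a field boundary, and a literal `#` in the line is a boundary too, so text inside the message can define `event_data` and, depending on how kv treats an existing field, replace the value grok captured before it is copied into `metadata.description`. Log content is untrusted input, so extracted pairs should be kept apart from parser state: if the runtime's kv filter supports a `target` option (to be confirmed against the parser documentation), set one such as `target => "kv_fields"` and read `[kv_fields][msg]`, or otherwise copy out only the keys the parser expects. The identical filter in DUMMY_LOGTYPE/cbn/dummy_logtype.conf from patch 01/33 behaves the same way.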
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/test_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/test_events.json
new file mode 100644
index 000000000..2d2da07d1
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/test_events.json
@@ -0,0 +1,38 @@
+{
+ "events": [
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:31."
+ }
+ }
+ }
+ }
+ },
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:32."
+ }
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/usecase1_events.json
new file mode 100644
index 000000000..2d2da07d1
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/usecase1_events.json
@@ -0,0 +1,38 @@
+{
+ "events": [
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:31."
+ }
+ }
+ }
+ }
+ },
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:32."
+ }
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/test_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/test_log.json
new file mode 100644
index 000000000..c5dd6dfa0
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/test_log.json
@@ -0,0 +1,6 @@
+{
+ "raw_logs": [
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32."
+ ]
+}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/usecase1_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/usecase1_log.json
new file mode 100644
index 000000000..c5dd6dfa0
--- /dev/null
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/usecase1_log.json
@@ -0,0 +1,6 @@
+{
+ "raw_logs": [
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32."
+ ]
+}
From 5f923a9bb54015cc513fc0dd593f27b47b2468cd Mon Sep 17 00:00:00 2001
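Review bot: `usecase1_events.json` and `usecase1_log.json` are byte-identical to `test_events.json` and `test_log.json` (the index lines show the same blobs, 2d2da07d1 and c5dd6dfa0), so the second use case adds no coverage. Both raw-log fixtures hold only well-formed `event | msg=…` lines, so nothing exercises the `grok_failure` or `kv_failure` paths of the parser, or a message carrying more than one `key=value` pair. Replacing the duplicate with a fixture that has a line lacking the ` | ` separator and a line with several keys would pin the parser's behaviour on malformed input. The expected events also fix `event_timestamp` at `2021-03-23T08:20:27.863384Z`, which the parser in this series does not derive from the log text; presumably the test runner supplies or ignores it, which is worth confirming.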
From: Prasoon Birla
Date: Fri, 6 Mar 2026 21:24:20 +0530
Subject: [PATCH 12/33] Updated metadata json
---
 .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
index 1569baab8..62a0f5bce 100644
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
@@ -1,5 +1,6 @@
 {
 "product": "DUMMY Product",
 "vendor": "Test Vendor",
- "description": "Some sort of product from this vendorrrr."
+ "description": "Some sort of product from this vendorrrr.",
+ "logType": "DUMMY_LOGTYPE"
 }
From e149a7db1850ba2731ca7adaca9474022b33a11b Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Fri, 6 Mar 2026 21:24:57 +0530
Subject: [PATCH 13/33] Updated metadata json
---
 .../parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json
index 1569baab8..f7c36a445 100644
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json
@@ -1,5 +1,6 @@
 {
 "product": "DUMMY Product",
 "vendor": "Test Vendor",
- "description": "Some sort of product from this vendorrrr."
+ "description": "Some sort of product from this vendorrrr.",
+ "logType": "BRO_DHCP"
 }
From aa7675795c17d1b4e4f7f4ae596d6fa3f52ac883 Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Fri, 6 Mar 2026 21:25:34 +0530
Subject: [PATCH 14/33] Updated metadata json
---
 .../parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json
index f7c36a445..62a0f5bce 100644
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json
@@ -2,5 +2,5 @@
 "product": "DUMMY Product",
 "vendor": "Test Vendor",
 "description": "Some sort of product from this vendorrrr.",
- "logType": "BRO_DHCP"
+ "logType": "DUMMY_LOGTYPE"
 }
From 2677f282ed3b53d9c39d434c28bff85dd0ac7d63 Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Sat, 7 Mar 2026 03:30:08 +0530
Subject: [PATCH 15/33] COrrected folder structure
---
 .../community/DUMMY_LOGTYPE2/{ => cbn}/dummy_logtype.conf | 0
 .../third_party/community/DUMMY_LOGTYPE2/{ => cbn}/metadata.json | 0
 .../{ => cbn}/testdata/expected_events/test_events.json | 0
 .../{ => cbn}/testdata/expected_events/usecase1_events.json | 0
 .../DUMMY_LOGTYPE2/{ => cbn}/testdata/raw_logs/test_log.json | 0
 .../DUMMY_LOGTYPE2/{ => cbn}/testdata/raw_logs/usecase1_log.json | 0
 6 files changed, 0 insertions(+), 0 deletions(-)
 rename content/parsers/third_party/community/DUMMY_LOGTYPE2/{ => cbn}/dummy_logtype.conf (100%)
 rename content/parsers/third_party/community/DUMMY_LOGTYPE2/{ => cbn}/metadata.json (100%)
 rename content/parsers/third_party/community/DUMMY_LOGTYPE2/{ => cbn}/testdata/expected_events/test_events.json (100%)
 rename content/parsers/third_party/community/DUMMY_LOGTYPE2/{ => cbn}/testdata/expected_events/usecase1_events.json (100%)
 rename content/parsers/third_party/community/DUMMY_LOGTYPE2/{ => cbn}/testdata/raw_logs/test_log.json (100%)
 rename content/parsers/third_party/community/DUMMY_LOGTYPE2/{ => cbn}/testdata/raw_logs/usecase1_log.json (100%)
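Review bot: After patch 14 `DUMMY_LOGTYPE2/metadata.json` declares `"logType": "DUMMY_LOGTYPE"`, the same value the sibling `DUMMY_LOGTYPE/cbn/metadata.json` received in patch 12, so the directory name and the declared log type disagree and two parser directories claim one log type. The value it replaces, `"BRO_DHCP"` from patch 13, had a dummy parser claiming a log type whose name does not match its directory either. If ingestion or validation tooling keys parsers by this field, which parser wins is not visible here; the value should presumably be `"logType": "DUMMY_LOGTYPE2"`, and the metadata check should reject a log type that does not match its directory or is already claimed.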
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/dummy_logtype.conf b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype.conf similarity index 100% rename from content/parsers/third_party/community/DUMMY_LOGTYPE2/dummy_logtype.conf rename to content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype.conf diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json similarity index 100% rename from content/parsers/third_party/community/DUMMY_LOGTYPE2/metadata.json rename to content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/test_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json similarity index 100% rename from content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/test_events.json rename to content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json similarity index 100% rename from content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/expected_events/usecase1_events.json rename to content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json 
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/test_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json similarity index 100% rename from content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/test_log.json rename to content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/usecase1_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json similarity index 100% rename from content/parsers/third_party/community/DUMMY_LOGTYPE2/testdata/raw_logs/usecase1_log.json rename to content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json From ada54044c9192176fb6df05a54040154187b80b4 Mon Sep 17 00:00:00 2001 
From: Prasoon Birla Date: Tue, 10 Mar 2026 11:42:09 +0530 Subject: [PATCH 16/33] Removing extra logtype --- .../DUMMY_LOGTYPE2/cbn/dummy_logtype.conf | 84 ------------------- .../DUMMY_LOGTYPE2/cbn/metadata.json | 6 -- .../testdata/expected_events/test_events.json | 38 --------- .../expected_events/usecase1_events.json | 38 --------- .../cbn/testdata/raw_logs/test_log.json | 6 -- .../cbn/testdata/raw_logs/usecase1_log.json | 6 -- 6 files changed, 178 deletions(-) delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype.conf delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype.conf b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype.conf deleted file mode 100644 index 5a2eb8d06..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/dummy_logtype.conf +++ /dev/null 
@@ -1,84 +0,0 @@ -filter { - mutate { - replace => { - "event_data" => "" - "productlogid" => "" - "kv_msg" => "" - "msg" => "" - "deviceCustomDate1" => "" - "rt" => "" - } - } - - grok { - match => { - "message" => [ - "%{GREEDYDATA:event_data} \\| %{GREEDYDATA:kv_msg}" - ] - } - overwrite => ["event_data" ,"msg" ,"kv_msg"] - on_error => "grok_failure" - } - - mutate { - gsub => ["kv_msg", " ([a-zA-Z0-9]+=)","#$1"] - } - - kv { - source => "kv_msg" - field_split => "#" - value_split => "=" - on_error => "kv_failure" - } - - mutate { - replace => { - "event_type" => "GENERIC_EVENT" - } - } - - if [msg] != "" { - mutate { - replace => { - "msg_label.value.string_value" => "%{msg}" - } - on_error => "msg_empty" - } - if ![msg_empty] { - mutate { - replace => { - "msg_label.key" => "msg" - } - } - mutate { - merge => { - "event.idm.read_only_udm.additional.fields" => "msg_label" - } - on_error => "msg_label_empty" - } - } - } - - if [event_data] != "" { - mutate { - replace => { - "event.idm.read_only_udm.metadata.description" => "%{event_data}" - } - on_error => "event_data_empty" - } - } - - mutate { - rename => { - "event_type" => "event.idm.read_only_udm.metadata.event_type" - } - } - - mutate { - merge => { - "@output" => "event" - } - } - -} - diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json deleted file mode 100644 index 62a0f5bce..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/metadata.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "product": "DUMMY Product", - "vendor": "Test Vendor", - "description": "Some sort of product from this vendorrrr.", - "logType": "DUMMY_LOGTYPE" -} 
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json deleted file mode 100644 index 2d2da07d1..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/test_events.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "events": [ - { - "event" : { - "timestamp": "2021-03-23T08:20:27.863384Z", - "idm": { - "read_only_udm": { - "metadata": { - "event_timestamp": "2021-03-23T08:20:27.863384Z", - "event_type": "GENERIC_EVENT", - "description": "No New Ingestion Activity" - }, - "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:31." - } - } - } - } - }, - { - "event" : { - "timestamp": "2021-03-23T08:20:27.863384Z", - "idm": { - "read_only_udm": { - "metadata": { - "event_timestamp": "2021-03-23T08:20:27.863384Z", - "event_type": "GENERIC_EVENT", - "description": "No New Ingestion Activity" - }, - "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:32." - } - } - } - } - } - ] -} diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json deleted file mode 100644 index 2d2da07d1..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/expected_events/usecase1_events.json +++ /dev/null 
@@ -1,38 +0,0 @@ -{ - "events": [ - { - "event" : { - "timestamp": "2021-03-23T08:20:27.863384Z", - "idm": { - "read_only_udm": { - "metadata": { - "event_timestamp": "2021-03-23T08:20:27.863384Z", - "event_type": "GENERIC_EVENT", - "description": "No New Ingestion Activity" - }, - "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:31." - } - } - } - } - }, - { - "event" : { - "timestamp": "2021-03-23T08:20:27.863384Z", - "idm": { - "read_only_udm": { - "metadata": { - "event_timestamp": "2021-03-23T08:20:27.863384Z", - "event_type": "GENERIC_EVENT", - "description": "No New Ingestion Activity" - }, - "additional": { - "msg": "No reports have been ingested since MAR 23 2021 00:18:32." - } - } - } - } - } - ] -} diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json deleted file mode 100644 index c5dd6dfa0..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/test_log.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "raw_logs": [ - "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.", - "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32." - ] -} diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json deleted file mode 100644 index c5dd6dfa0..000000000 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE2/cbn/testdata/raw_logs/usecase1_log.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "raw_logs": [ - "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.", - "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32." - ] -} 
From 46dcb5b396aa278a452cbe8eaf9186c593c1f722 Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Wed, 11 Mar 2026 20:52:29 +0530 Subject: [PATCH 17/33] lkasjdfl;k --- docs/contributing.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/contributing.md b/docs/contributing.md index 1cc5d87df..31e307039 100644 --- a/docs/contributing.md +++ b/docs/contributing.md @@ -53,6 +53,8 @@ with your changes to the main repository's main branch. ### Code Reviews + + All submissions, including submissions by project members, require review. We use [GitHub pull requests](https://docs.github.com/articles/about-pull-requests) for this purpose. From f4e4ff33c8d21c21d45b20e1bb1f2768b8a2d264 Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 13 Mar 2026 16:00:07 +0530 Subject: [PATCH 18/33] Testing skip check for Google & Parser --- .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json index 62a0f5bce..b394d56e6 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json @@ -2,5 +2,6 @@ "product": "DUMMY Product", "vendor": "Test Vendor", "description": "Some sort of product from this vendorrrr.", - "logType": "DUMMY_LOGTYPE" + "logType": "DUMMY_LOGTYPE", + "verified": false } From 9b59deb490310447128f71cf4fa3ece90429b527 Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 13 Mar 2026 16:10:51 +0530 Subject: [PATCH 19/33] Testing skip check for Google & Parser --- .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json index b394d56e6..6583164dc 100644 
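Review bot: The `"verified": false` field that patch 18 adds to `DUMMY_LOGTYPE/cbn/metadata.json` lives in a file the contributor edits, and patch 20 later flips it to `true` with no other change. If the pipeline uses this field to decide whether checks are skipped, as the subject "Testing skip check for Google & Parser" suggests, the trust decision is asserted by the very submission it applies to. Such a flag should be read from a maintainer-controlled source (a path protected by code-owner review, or a list kept outside the contributed directory), and validation should reject or ignore `verified` in community metadata. Patch 29 removes the field again, so this matters only if the field is meant to return.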
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json @@ -2,6 +2,6 @@ "product": "DUMMY Product", "vendor": "Test Vendor", "description": "Some sort of product from this vendorrrr.", - "logType": "DUMMY_LOGTYPE", + "log_type": "DUMMY_LOGTYPE", "verified": false } From 9c6849fb9b5b538451378469d60a28f9a3bb82e2 Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 13 Mar 2026 18:55:49 +0530 Subject: [PATCH 20/33] Test --- .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json index 6583164dc..beea8e1f7 100644 --- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json +++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json @@ -3,5 +3,5 @@ "vendor": "Test Vendor", "description": "Some sort of product from this vendorrrr.", "log_type": "DUMMY_LOGTYPE", - "verified": false + "verified": true } From c2a582ff5caba7cb0f9ff9a09514f8dc9ec0235d Mon Sep 17 00:00:00 2001 From: Prasoon Birla Date: Fri, 13 Mar 2026 18:57:27 +0530 Subject: [PATCH 21/33] Updated PR --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index a7b30f535..c5075e8be 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,8 @@ > **Note:** At this time, only response integration and playbook content is supported via this contribution > workflow. We expect to expand support to other critical content types in the near future. + + 👋 Hello and welcome! This repository is the central hub for a wide array of community-contributed content intended to From 60e1a0e7ff5ae763431f147cd958d3864dc698a5 Mon Sep 17 00:00:00 2001 
From: Prasoon Birla
Date: Tue, 17 Mar 2026 13:21:45 +0530
Subject: [PATCH 22/33] Updated metadata
---
 .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
index beea8e1f7..8c7efc314 100644
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
@@ -1,7 +1,7 @@
 {
 "product": "DUMMY Product",
 "vendor": "Test Vendor",
- "description": "Some sort of product from this vendorrrr.",
+ "description": "Some sort of product from this vendor.",
 "log_type": "DUMMY_LOGTYPE",
 "verified": true
 }
From 422a00a53df974d838e07eff76d4bfb31420f490 Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Tue, 17 Mar 2026 13:27:51 +0530
Subject: [PATCH 23/33] Updated metadata
---
 .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
index 8c7efc314..bf0219796 100644
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
@@ -1,7 +1,7 @@
 {
 "product": "DUMMY Product",
 "vendor": "Test Vendor",
- "description": "Some sort of product from this vendor.",
+ "description": "Some sort of product from this vendorr.",
 "log_type": "DUMMY_LOGTYPE",
 "verified": true
 }
From 05e84b7d4656a73add9bc0d7a35f18b9a3aeed8c Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Tue, 17 Mar 2026 14:39:01 +0530
Subject: [PATCH 24/33] Update
---
 .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
index bf0219796..8c7efc314 100644
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
@@ -1,7 +1,7 @@
 {
 "product": "DUMMY Product",
 "vendor": "Test Vendor",
- "description": "Some sort of product from this vendorr.",
+ "description": "Some sort of product from this vendor.",
 "log_type": "DUMMY_LOGTYPE",
 "verified": true
 }
From 5dca7f39fffb1faee6059f821aa5c1543787fc6a Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Tue, 17 Mar 2026 15:03:29 +0530
Subject: [PATCH 25/33] Updated
---
 .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
index 8c7efc314..beea8e1f7 100644
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
@@ -1,7 +1,7 @@
 {
 "product": "DUMMY Product",
 "vendor": "Test Vendor",
- "description": "Some sort of product from this vendor.",
+ "description": "Some sort of product from this vendorrrr.",
 "log_type": "DUMMY_LOGTYPE",
 "verified": true
 }
From facc1463ad42e5580995b05991ef529660026753 Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Tue, 17 Mar 2026 15:06:38 +0530
Subject: [PATCH 26/33] Updated
---
 .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
index beea8e1f7..8c7efc314 100644
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
@@ -1,7 +1,7 @@
 {
 "product": "DUMMY Product",
 "vendor": "Test Vendor",
- "description": "Some sort of product from this vendorrrr.",
+ "description": "Some sort of product from this vendor.",
 "log_type": "DUMMY_LOGTYPE",
 "verified": true
 }
From 247bbdb58f9f7e89cf7f3bbf4ab7f21a6ba869d3 Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Tue, 17 Mar 2026 15:07:31 +0530
Subject: [PATCH 27/33] Updated
---
 .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
index 8c7efc314..bf0219796 100644
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
@@ -1,7 +1,7 @@
 {
 "product": "DUMMY Product",
 "vendor": "Test Vendor",
- "description": "Some sort of product from this vendor.",
+ "description": "Some sort of product from this vendorr.",
 "log_type": "DUMMY_LOGTYPE",
 "verified": true
 }
From 478efbbef078f867f3cbb60f8bf728d427d40da0 Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Thu, 2 Apr 2026 13:16:44 +0530
Subject: [PATCH 28/33] Updated
---
 .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
index bf0219796..8c7efc314 100644
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
@@ -1,7 +1,7 @@
 {
 "product": "DUMMY Product",
 "vendor": "Test Vendor",
- "description": "Some sort of product from this vendorr.",
+ "description": "Some sort of product from this vendor.",
 "log_type": "DUMMY_LOGTYPE",
 "verified": true
 }
From 4293a002ba6569cc3532883c79f2d5100b1cd7f8 Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Mon, 6 Apr 2026 12:06:17 +0530
Subject: [PATCH 29/33] Removed verified field
---
 .../third_party/community/DUMMY_LOGTYPE/cbn/metadata.json | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
index 8c7efc314..3c61f598a 100644
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
+++ b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
@@ -2,6 +2,5 @@
 "product": "DUMMY Product",
 "vendor": "Test Vendor",
 "description": "Some sort of product from this vendor.",
- "log_type": "DUMMY_LOGTYPE",
- "verified": true
+ "log_type": "DUMMY_LOGTYPE"
 }
From 964270d4e8406758b0be98f2b1c4b4063e3f4206 Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Tue, 21 Apr 2026 12:26:02 +0530
Subject: [PATCH 30/33] Added new partner folder
---
 .../DUMMY_LOGTYPE/cbn/dummy_logtype.conf | 84 +++++++++++++++++++
 .../partner/DUMMY_LOGTYPE/cbn/metadata.json | 6 ++
 .../testdata/expected_events/test_events.json | 38 +++++++++
 .../expected_events/usecase1_events.json | 38 +++++++++
 .../cbn/testdata/raw_logs/test_log.json | 6 ++
 .../cbn/testdata/raw_logs/usecase1_log.json | 6 ++
 6 files changed, 178 insertions(+)
 create mode 100644 content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
 create mode 100644 content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/metadata.json
 create mode 100644 content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
 create mode 100644 content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
 create mode 100644 content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
 create mode 100644 content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/dummy_logtype.conf b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
new file mode 100644
index 000000000..5a2eb8d06
--- /dev/null
+++ b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
@@ -0,0 +1,84 @@
+filter {
+ mutate {
+ replace => {
+ "event_data" => ""
+ "productlogid" => ""
+ "kv_msg" => ""
+ "msg" => ""
+ "deviceCustomDate1" => ""
+ "rt" => ""
+ }
+ }
+
+ grok {
+ match => {
+ "message" => [
+ "%{GREEDYDATA:event_data} \\| %{GREEDYDATA:kv_msg}"
+ ]
+ }
+ overwrite => ["event_data" ,"msg" ,"kv_msg"]
+ on_error => "grok_failure"
+ }
+
+ mutate {
+ gsub => ["kv_msg", " ([a-zA-Z0-9]+=)","#$1"]
+ }
+
+ kv {
+ source => "kv_msg"
+ field_split => "#"
+ value_split => "="
+ on_error => "kv_failure"
+ }
+
+ mutate {
+ replace => {
+ "event_type" => "GENERIC_EVENT"
+ }
+ }
+
+ if [msg] != "" {
+ mutate {
+ replace => {
+ "msg_label.value.string_value" => "%{msg}"
+ }
+ on_error => "msg_empty"
+ }
+ if ![msg_empty] {
+ mutate {
+ replace => {
+ "msg_label.key" => "msg"
+ }
+ }
+ mutate {
+ merge => {
+ "event.idm.read_only_udm.additional.fields" => "msg_label"
+ }
+ on_error => "msg_label_empty"
+ }
+ }
+ }
+
+ if [event_data] != "" {
+ mutate {
+ replace => {
+ "event.idm.read_only_udm.metadata.description" => "%{event_data}"
+ }
+ on_error => "event_data_empty"
+ }
+ }
+
+ mutate {
+ rename => {
+ "event_type" => "event.idm.read_only_udm.metadata.event_type"
+ }
+ }
+
+ mutate {
+ merge => {
+ "@output" => "event"
+ }
+ }
+
+}
+
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/metadata.json
new file mode 100644
index 000000000..3c61f598a
--- /dev/null
+++ b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/metadata.json
@@ -0,0 +1,6 @@
+{
+ "product": "DUMMY Product",
+ "vendor": "Test Vendor",
+ "description": "Some sort of product from this vendor.",
+ "log_type": "DUMMY_LOGTYPE"
+}
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
new file mode 100644
index 000000000..2d2da07d1
--- /dev/null
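Review bot: The `grok` block in dummy_logtype.conf sets `on_error => "grok_failure"`, but nothing later in the filter reads that flag, so a line that does not match `<text> | <key=value>` still reaches the final `merge` into `@output` and is emitted as a bare `GENERIC_EVENT`. Stop on the failure right after the grok, for example `if [grok_failure] { drop { tag => "TAG_MALFORMED_MESSAGE" } }`, so malformed or unexpected input is counted as a parse error rather than stored as an empty event. The `kv` block also writes every key found in the log into the same top-level namespace as the parser's own working fields (`event_data`, `msg_label`); a `target` on the `kv` filter, if this parser dialect supports it, would keep log-supplied keys apart. `productlogid`, `deviceCustomDate1` and `rt` are initialised but never used, and `msg` is listed in `overwrite` although the pattern does not capture it.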
+++ b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
@@ -0,0 +1,38 @@
+{
+ "events": [
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:31."
+ }
+ }
+ }
+ }
+ },
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:32."
+ }
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
new file mode 100644
index 000000000..2d2da07d1
--- /dev/null
+++ b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
@@ -0,0 +1,38 @@
+{
+ "events": [
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:31."
+ }
+ }
+ }
+ }
+ },
+ {
+ "event" : {
+ "timestamp": "2021-03-23T08:20:27.863384Z",
+ "idm": {
+ "read_only_udm": {
+ "metadata": {
+ "event_timestamp": "2021-03-23T08:20:27.863384Z",
+ "event_type": "GENERIC_EVENT",
+ "description": "No New Ingestion Activity"
+ },
+ "additional": {
+ "msg": "No reports have been ingested since MAR 23 2021 00:18:32."
+ }
+ }
+ }
+ }
+ }
+ ]
+}
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
new file mode 100644
index 000000000..c5dd6dfa0
--- /dev/null
+++ b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
@@ -0,0 +1,6 @@
+{
+ "raw_logs": [
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32."
+ ]
+}
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
new file mode 100644
index 000000000..c5dd6dfa0
--- /dev/null
+++ b/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
@@ -0,0 +1,6 @@
+{
+ "raw_logs": [
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
+ "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32."
+ ]
+}
From f1545a2e1b623d4cf8f9a9a6d339ebb32c38e555 Mon Sep 17 00:00:00 2001
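Review bot: `raw_logs/test_log.json` and `raw_logs/usecase1_log.json` are the same blob (`c5dd6dfa0`), and both samples follow the one shape the parser accepts, `<text> | msg=<value>`. Nothing in the fixtures exercises the `grok_failure` or `kv_failure` paths declared in dummy_logtype.conf, or a line carrying more than one key=value pair, so a regression in the parser's error handling would still pass these tests. Make `usecase1_log.json` a distinct case, with one line that lacks the ` | ` separator and one with several pairs, and give it matching entries in `expected_events/usecase1_events.json`.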
From: Prasoon Birla
Date: Tue, 21 Apr 2026 14:08:11 +0530
Subject: [PATCH 31/33] Moved
---
 .../partner/{ => partnerA}/DUMMY_LOGTYPE/cbn/dummy_logtype.conf | 0
 .../partner/{ => partnerA}/DUMMY_LOGTYPE/cbn/metadata.json | 0
 .../DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json | 0
 .../cbn/testdata/expected_events/usecase1_events.json | 0
 .../DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json | 0
 .../DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json | 0
 6 files changed, 0 insertions(+), 0 deletions(-)
 rename content/parsers/third_party/partner/{ => partnerA}/DUMMY_LOGTYPE/cbn/dummy_logtype.conf (100%)
 rename content/parsers/third_party/partner/{ => partnerA}/DUMMY_LOGTYPE/cbn/metadata.json (100%)
 rename content/parsers/third_party/partner/{ => partnerA}/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json (100%)
 rename content/parsers/third_party/partner/{ => partnerA}/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json (100%)
 rename content/parsers/third_party/partner/{ => partnerA}/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json (100%)
 rename content/parsers/third_party/partner/{ => partnerA}/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json (100%)
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/dummy_logtype.conf b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
similarity index 100%
rename from content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
rename to content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/metadata.json
similarity index 100%
rename from content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/metadata.json
rename to content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/metadata.json
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
similarity index 100%
rename from content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
rename to content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
similarity index 100%
rename from content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
rename to content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
similarity index 100%
rename from content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
rename to content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
diff --git a/content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
similarity index 100%
rename from content/parsers/third_party/partner/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
rename to content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
From 42784d0f5b4f34440b76f9bb13ece5b015cef9a8 Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Tue, 21 Apr 2026 14:11:06 +0530
Subject: [PATCH 32/33] Moved
---
 .../partner/partnerA/DUMMY_LOGTYPE/cbn/metadata.json | 6 ------
 .../cbn/dummy_logtype.conf | 0
 .../partner/partnerA/DUMMY_LOGTYPE1/cbn/metadata.json | 5 +++++
 .../cbn/testdata/expected_events/test_events.json | 0
 .../cbn/testdata/expected_events/usecase1_events.json | 0
 .../cbn/testdata/raw_logs/test_log.json | 0
 .../cbn/testdata/raw_logs/usecase1_log.json | 0
 7 files changed, 5 insertions(+), 6 deletions(-)
 delete mode 100644 content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/metadata.json
 rename content/parsers/third_party/partner/partnerA/{DUMMY_LOGTYPE => DUMMY_LOGTYPE1}/cbn/dummy_logtype.conf (100%)
 create mode 100644 content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/metadata.json
 rename content/parsers/third_party/partner/partnerA/{DUMMY_LOGTYPE => DUMMY_LOGTYPE1}/cbn/testdata/expected_events/test_events.json (100%)
 rename content/parsers/third_party/partner/partnerA/{DUMMY_LOGTYPE => DUMMY_LOGTYPE1}/cbn/testdata/expected_events/usecase1_events.json (100%)
 rename content/parsers/third_party/partner/partnerA/{DUMMY_LOGTYPE => DUMMY_LOGTYPE1}/cbn/testdata/raw_logs/test_log.json (100%)
 rename content/parsers/third_party/partner/partnerA/{DUMMY_LOGTYPE => DUMMY_LOGTYPE1}/cbn/testdata/raw_logs/usecase1_log.json (100%)
diff --git a/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/metadata.json
deleted file mode 100644
index 3c61f598a..000000000
--- a/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "product": "DUMMY Product",
- "vendor": "Test Vendor",
- "description": "Some sort of product from this vendor.",
- "log_type": "DUMMY_LOGTYPE"
-}
diff --git a/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/dummy_logtype.conf b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/dummy_logtype.conf
similarity index 100%
rename from content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
rename to content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/dummy_logtype.conf
diff --git a/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/metadata.json b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/metadata.json
new file mode 100644
index 000000000..d2ae98a72
--- /dev/null
+++ b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/metadata.json
@@ -0,0 +1,5 @@
+{
+ "product": "DUMMY Product",
+ "vendor": "Test Vendor",
+ "description": "Some sort of product from this vendor."
+}
diff --git a/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/expected_events/test_events.json
similarity index 100%
rename from content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
rename to content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/expected_events/test_events.json
diff --git a/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/expected_events/usecase1_events.json
similarity index 100%
rename from content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
rename to content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/expected_events/usecase1_events.json
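Review bot: The new `metadata.json` under DUMMY_LOGTYPE1 is not a pure move: it omits the `"log_type"` key that the deleted DUMMY_LOGTYPE copy carried, while the commit subject says only "Moved" and the other six entries show 100% similarity. If the omission is a deliberate negative fixture for metadata validation, the commit message should say so; otherwise restore the key, for example `"log_type": "DUMMY_LOGTYPE1"` (value assumed from the folder name). Content changes folded into a rename commit are easy to miss in review, so a separate commit for the metadata edit would make the intent auditable.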
diff --git a/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/raw_logs/test_log.json
similarity index 100%
rename from content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
rename to content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/raw_logs/test_log.json
diff --git a/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json b/content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/raw_logs/usecase1_log.json
similarity index 100%
rename from content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
rename to content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/raw_logs/usecase1_log.json
From 0a0def7048be1ebba94d09fb8493de46c0b9652d Mon Sep 17 00:00:00 2001
From: Prasoon Birla
Date: Tue, 21 Apr 2026 14:33:20 +0530
Subject: [PATCH 33/33] Moved
---
 .../parsers/third_party/community/.gitignore | 0
 .../DUMMY_LOGTYPE/cbn/dummy_logtype.conf | 84 -------------------
 .../community/DUMMY_LOGTYPE/cbn/metadata.json | 6 --
 .../testdata/expected_events/test_events.json | 38 ---------
 .../expected_events/usecase1_events.json | 38 ---------
 .../cbn/testdata/raw_logs/test_log.json | 6 --
 .../cbn/testdata/raw_logs/usecase1_log.json | 6 --
 7 files changed, 178 deletions(-)
 delete mode 100644 content/parsers/third_party/community/.gitignore
 delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
 delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
 delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
 delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
 delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
 delete mode 100644 content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
diff --git a/content/parsers/third_party/community/.gitignore b/content/parsers/third_party/community/.gitignore
deleted file mode 100644
index e69de29bb..000000000
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
deleted file mode 100644
index 5a2eb8d06..000000000
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/dummy_logtype.conf
+++ /dev/null
@@ -1,84 +0,0 @@
-filter {
- mutate {
- replace => {
- "event_data" => ""
- "productlogid" => ""
- "kv_msg" => ""
- "msg" => ""
- "deviceCustomDate1" => ""
- "rt" => ""
- }
- }
-
- grok {
- match => {
- "message" => [
- "%{GREEDYDATA:event_data} \\| %{GREEDYDATA:kv_msg}"
- ]
- }
- overwrite => ["event_data" ,"msg" ,"kv_msg"]
- on_error => "grok_failure"
- }
-
- mutate {
- gsub => ["kv_msg", " ([a-zA-Z0-9]+=)","#$1"]
- }
-
- kv {
- source => "kv_msg"
- field_split => "#"
- value_split => "="
- on_error => "kv_failure"
- }
-
- mutate {
- replace => {
- "event_type" => "GENERIC_EVENT"
- }
- }
-
- if [msg] != "" {
- mutate {
- replace => {
- "msg_label.value.string_value" => "%{msg}"
- }
- on_error => "msg_empty"
- }
- if ![msg_empty] {
- mutate {
- replace => {
- "msg_label.key" => "msg"
- }
- }
- mutate {
- merge => {
- "event.idm.read_only_udm.additional.fields" => "msg_label"
- }
- on_error => "msg_label_empty"
- }
- }
- }
-
- if [event_data] != "" {
- mutate {
- replace => {
- "event.idm.read_only_udm.metadata.description" => "%{event_data}"
- }
- on_error => "event_data_empty"
- }
- }
-
- mutate {
- rename => {
- "event_type" => "event.idm.read_only_udm.metadata.event_type"
- }
- }
-
- mutate {
- merge => {
- "@output" => "event"
- }
- }
-
-}
-
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
deleted file mode 100644
index 3c61f598a..000000000
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/metadata.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "product": "DUMMY Product",
- "vendor": "Test Vendor",
- "description": "Some sort of product from this vendor.",
- "log_type": "DUMMY_LOGTYPE"
-}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
deleted file mode 100644
index 2d2da07d1..000000000
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/test_events.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- "events": [
- {
- "event" : {
- "timestamp": "2021-03-23T08:20:27.863384Z",
- "idm": {
- "read_only_udm": {
- "metadata": {
- "event_timestamp": "2021-03-23T08:20:27.863384Z",
- "event_type": "GENERIC_EVENT",
- "description": "No New Ingestion Activity"
- },
- "additional": {
- "msg": "No reports have been ingested since MAR 23 2021 00:18:31."
- }
- }
- }
- }
- },
- {
- "event" : {
- "timestamp": "2021-03-23T08:20:27.863384Z",
- "idm": {
- "read_only_udm": {
- "metadata": {
- "event_timestamp": "2021-03-23T08:20:27.863384Z",
- "event_type": "GENERIC_EVENT",
- "description": "No New Ingestion Activity"
- },
- "additional": {
- "msg": "No reports have been ingested since MAR 23 2021 00:18:32."
- }
- }
- }
- }
- }
- ]
-}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
deleted file mode 100644
index 2d2da07d1..000000000
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/expected_events/usecase1_events.json
+++ /dev/null
@@ -1,38 +0,0 @@
-{
- "events": [
- {
- "event" : {
- "timestamp": "2021-03-23T08:20:27.863384Z",
- "idm": {
- "read_only_udm": {
- "metadata": {
- "event_timestamp": "2021-03-23T08:20:27.863384Z",
- "event_type": "GENERIC_EVENT",
- "description": "No New Ingestion Activity"
- },
- "additional": {
- "msg": "No reports have been ingested since MAR 23 2021 00:18:31."
- }
- }
- }
- }
- },
- {
- "event" : {
- "timestamp": "2021-03-23T08:20:27.863384Z",
- "idm": {
- "read_only_udm": {
- "metadata": {
- "event_timestamp": "2021-03-23T08:20:27.863384Z",
- "event_type": "GENERIC_EVENT",
- "description": "No New Ingestion Activity"
- },
- "additional": {
- "msg": "No reports have been ingested since MAR 23 2021 00:18:32."
- }
- }
- }
- }
- }
- ]
-}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
deleted file mode 100644
index c5dd6dfa0..000000000
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/test_log.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "raw_logs": [
- "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
- "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32."
- ]
-}
diff --git a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json b/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
deleted file mode 100644
index c5dd6dfa0..000000000
--- a/content/parsers/third_party/community/DUMMY_LOGTYPE/cbn/testdata/raw_logs/usecase1_log.json
+++ /dev/null
@@ -1,6 +0,0 @@
-{
- "raw_logs": [
- "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
- "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32."
- ]
-}