Partner parsers

README.md

@@ -12,6 +12,8 @@
 > **Note:** At this time, only response integration and playbook content is supported via this contribution
 > workflow. We expect to expand support to other critical content types in the near future.
 
+
+
 👋 Hello and welcome!
 
 This repository is the central hub for a wide array of community-contributed content intended to

content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/dummy_logtype.conf

@@ -0,0 +1,84 @@
+filter {
+  mutate {
+    replace => {
+      "event_data" => ""
+      "productlogid" => ""
+      "kv_msg" => ""
+      "msg" => ""
+      "deviceCustomDate1" => ""
+      "rt" => ""
+    }
+  }
+
+  grok {
+    match => {
+      "message" => [
+        "%{GREEDYDATA:event_data} \\| %{GREEDYDATA:kv_msg}"
+      ]
+    }
+    overwrite => ["event_data" ,"msg" ,"kv_msg"]
+    on_error => "grok_failure"
+  }
+
+  mutate {
+    gsub => ["kv_msg", " ([a-zA-Z0-9]+=)","#$1"]
+  }
+
+  kv {
+    source => "kv_msg"
+    field_split => "#"
+    value_split => "="
+    on_error => "kv_failure"
+  }
+
+  mutate {
+    replace => {
+      "event_type" => "GENERIC_EVENT"
+    }
+  }
+
+  if [msg] != "" {
+    mutate {
+      replace => {
+        "msg_label.value.string_value" => "%{msg}"
+      }
+      on_error => "msg_empty"
+    }
+    if ![msg_empty] {
+      mutate {
+        replace => {
+          "msg_label.key" => "msg"
+        }
+      }
+      mutate {
+        merge => {
+          "event.idm.read_only_udm.additional.fields" => "msg_label"
+        }
+        on_error => "msg_label_empty"
+      }
+    }
+  }
+
+  if [event_data] != "" {
+    mutate {
+      replace => {
+        "event.idm.read_only_udm.metadata.description" => "%{event_data}"
+      }
+      on_error => "event_data_empty"
+    }
+  }
+
+  mutate {
+    rename => {
+      "event_type" => "event.idm.read_only_udm.metadata.event_type"
+    }
+  }
+
+  mutate {
+    merge => {
+      "@output" => "event"
+    }
+  }
+
+}
+

content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/metadata.json

@@ -0,0 +1,5 @@
+{
+  "product": "DUMMY Product",
+  "vendor": "Test Vendor",
+  "description": "Some sort of product from this vendor."
+}

content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/expected_events/test_events.json

@@ -0,0 +1,38 @@
+{
+  "events": [
+    {
+      "event" : {
+        "timestamp": "2021-03-23T08:20:27.863384Z",
+        "idm": {
+          "read_only_udm": {
+            "metadata": {
+              "event_timestamp": "2021-03-23T08:20:27.863384Z",
+              "event_type": "GENERIC_EVENT",
+              "description": "No New Ingestion Activity"
+            },
+            "additional": {
+              "msg": "No reports have been ingested since MAR 23 2021 00:18:31."
+            }
+          }
+        }
+      }
+    },
+    {
+      "event" : {
+        "timestamp": "2021-03-23T08:20:27.863384Z",
+        "idm": {
+          "read_only_udm": {
+            "metadata": {
+              "event_timestamp": "2021-03-23T08:20:27.863384Z",
+              "event_type": "GENERIC_EVENT",
+              "description": "No New Ingestion Activity"
+            },
+            "additional": {
+              "msg": "No reports have been ingested since MAR 23 2021 00:18:32."
+            }
+          }
+        }
+      }
+    }
+  ]
+}

content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/expected_events/usecase1_events.json

@@ -0,0 +1,38 @@
+{
+  "events": [
+    {
+      "event" : {
+        "timestamp": "2021-03-23T08:20:27.863384Z",
+        "idm": {
+          "read_only_udm": {
+            "metadata": {
+              "event_timestamp": "2021-03-23T08:20:27.863384Z",
+              "event_type": "GENERIC_EVENT",
+              "description": "No New Ingestion Activity"
+            },
+            "additional": {
+              "msg": "No reports have been ingested since MAR 23 2021 00:18:31."
+            }
+          }
+        }
+      }
+    },
+    {
+      "event" : {
+        "timestamp": "2021-03-23T08:20:27.863384Z",
+        "idm": {
+          "read_only_udm": {
+            "metadata": {
+              "event_timestamp": "2021-03-23T08:20:27.863384Z",
+              "event_type": "GENERIC_EVENT",
+              "description": "No New Ingestion Activity"
+            },
+            "additional": {
+              "msg": "No reports have been ingested since MAR 23 2021 00:18:32."
+            }
+          }
+        }
+      }
+    }
+  ]
+}

content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/raw_logs/test_log.json

@@ -0,0 +1,6 @@
+{
+  "raw_logs": [
+    "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
+    "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32."
+  ]
+}

content/parsers/third_party/partner/partnerA/DUMMY_LOGTYPE1/cbn/testdata/raw_logs/usecase1_log.json

@@ -0,0 +1,6 @@
+{
+  "raw_logs": [
+    "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:31.",
+    "No New Ingestion Activity | msg=No reports have been ingested since MAR 23 2021 00:18:32."
+  ]
+}

docs/contributing.md

@@ -53,6 +53,8 @@ with your changes to the main repository's main branch.
 
 ### Code Reviews
 
+
+
 All submissions, including submissions by project members, require review. We
 use [GitHub pull requests](https://docs.github.com/articles/about-pull-requests)
 for this purpose.