aliasキーがない場合もEvent.EventDataを自動で走査する (#442)
* add no event key * support not-register-alias search * added checking EventData when key do not match in alias #290 - added checking key in Event.EventData, if key is not exist in eventkey_alias.txt. * cargo fmt * fixed panic when filter files does not exists * fixed errorlog format when filter config files does not exist Co-authored-by: DustInDark <nextsasasa@gmail.com>
This commit is contained in:
kazuminn
GitHub
@@ -100,26 +100,31 @@ impl Message {
|
|||||||
.take(target_length)
|
.take(target_length)
|
||||||
.collect::<String>();
|
.collect::<String>();
|
||||||
|
|
||||||
if let Some(array_str) = configs::EVENTKEY_ALIAS.get_event_key(&target_str) {
|
let array_str;
|
||||||
let split: Vec<&str> = array_str.split('.').collect();
|
if let Some(_array_str) = configs::EVENTKEY_ALIAS.get_event_key(&target_str) {
|
||||||
let mut is_exist_event_key = false;
|
array_str = _array_str.to_string();
|
||||||
let mut tmp_event_record: &Value = event_record;
|
} else {
|
||||||
for s in &split {
|
array_str = "Event.EventData.".to_owned() + &target_str;
|
||||||
if let Some(record) = tmp_event_record.get(s) {
|
}
|
||||||
is_exist_event_key = true;
|
|
||||||
tmp_event_record = record;
|
let split: Vec<&str> = array_str.split('.').collect();
|
||||||
output_filter = FILTER_REGEX.get(&s.to_string());
|
let mut is_exist_event_key = false;
|
||||||
}
|
let mut tmp_event_record: &Value = event_record;
|
||||||
|
for s in &split {
|
||||||
|
if let Some(record) = tmp_event_record.get(s) {
|
||||||
|
is_exist_event_key = true;
|
||||||
|
tmp_event_record = record;
|
||||||
|
output_filter = FILTER_REGEX.get(&s.to_string());
|
||||||
}
|
}
|
||||||
if is_exist_event_key {
|
}
|
||||||
let mut hash_value = get_serde_number_to_string(tmp_event_record);
|
if is_exist_event_key {
|
||||||
if hash_value.is_some() {
|
let mut hash_value = get_serde_number_to_string(tmp_event_record);
|
||||||
if output_filter.is_some() {
|
if hash_value.is_some() {
|
||||||
hash_value =
|
if output_filter.is_some() {
|
||||||
utils::replace_target_character(hash_value.as_ref(), output_filter);
|
hash_value =
|
||||||
}
|
utils::replace_target_character(hash_value.as_ref(), output_filter);
|
||||||
hash_map.insert(full_target_str.to_string(), hash_value.unwrap());
|
|
||||||
}
|
}
|
||||||
|
hash_map.insert(full_target_str.to_string(), hash_value.unwrap());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -393,6 +398,27 @@ mod tests {
|
|||||||
expected,
|
expected,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[test]
|
||||||
|
fn test_parse_message_auto_search() {
|
||||||
|
let mut message = Message::new();
|
||||||
|
let json_str = r##"
|
||||||
|
{
|
||||||
|
"Event": {
|
||||||
|
"EventData": {
|
||||||
|
"NoAlias": "no_alias"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
"##;
|
||||||
|
let event_record: Value = serde_json::from_str(json_str).unwrap();
|
||||||
|
let expected = "alias:no_alias";
|
||||||
|
assert_eq!(
|
||||||
|
message.parse_message(&event_record, "alias:%NoAlias%".to_owned()),
|
||||||
|
expected,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
#[test]
|
#[test]
|
||||||
/// outputで指定されているキーが、eventkey_alias.txt内で設定されていない場合の出力テスト
|
/// outputで指定されているキーが、eventkey_alias.txt内で設定されていない場合の出力テスト
|
||||||
fn test_parse_message_not_exist_key_in_output() {
|
fn test_parse_message_not_exist_key_in_output() {
|
||||||
@@ -412,9 +438,9 @@ mod tests {
|
|||||||
}
|
}
|
||||||
"##;
|
"##;
|
||||||
let event_record: Value = serde_json::from_str(json_str).unwrap();
|
let event_record: Value = serde_json::from_str(json_str).unwrap();
|
||||||
let expected = "NoExistKey:%TESTNoExistKey%";
|
let expected = "NoExistAlias:%NoAliasNoHit%";
|
||||||
assert_eq!(
|
assert_eq!(
|
||||||
message.parse_message(&event_record, "NoExistKey:%TESTNoExistKey%".to_owned()),
|
message.parse_message(&event_record, "NoExistAlias:%NoAliasNoHit%".to_owned()),
|
||||||
expected,
|
expected,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -166,8 +166,8 @@ pub fn get_event_value<'a>(key: &str, event_value: &'a Value) -> Option<&'a Valu
|
|||||||
}
|
}
|
||||||
|
|
||||||
let event_key = configs::EVENTKEY_ALIAS.get_event_key(key);
|
let event_key = configs::EVENTKEY_ALIAS.get_event_key(key);
|
||||||
|
let mut ret: &Value = event_value;
|
||||||
if let Some(event_key) = event_key {
|
if let Some(event_key) = event_key {
|
||||||
let mut ret: &Value = event_value;
|
|
||||||
// get_event_keyが取得できてget_event_key_splitが取得できないことはない
|
// get_event_keyが取得できてget_event_key_splitが取得できないことはない
|
||||||
let splits = configs::EVENTKEY_ALIAS.get_event_key_split(key);
|
let splits = configs::EVENTKEY_ALIAS.get_event_key_split(key);
|
||||||
let mut start_idx = 0;
|
let mut start_idx = 0;
|
||||||
@@ -184,8 +184,12 @@ pub fn get_event_value<'a>(key: &str, event_value: &'a Value) -> Option<&'a Valu
|
|||||||
|
|
||||||
Option::Some(ret)
|
Option::Some(ret)
|
||||||
} else {
|
} else {
|
||||||
let mut ret: &Value = event_value;
|
let event_key;
|
||||||
let event_key = key;
|
if !key.contains('.') {
|
||||||
|
event_key = "Event.EventData.".to_string() + key;
|
||||||
|
} else {
|
||||||
|
event_key = key.to_string();
|
||||||
|
}
|
||||||
for key in event_key.split('.') {
|
for key in event_key.split('.') {
|
||||||
if !ret.is_object() {
|
if !ret.is_object() {
|
||||||
return Option::None;
|
return Option::None;
|
||||||
|
|||||||
@@ -126,8 +126,9 @@ impl RuleExclude {
|
|||||||
ERROR_LOG_STACK
|
ERROR_LOG_STACK
|
||||||
.lock()
|
.lock()
|
||||||
.unwrap()
|
.unwrap()
|
||||||
.push(format!("{} does not exist", filename));
|
.push(format!("[WARN] {} does not exist", filename));
|
||||||
}
|
}
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
let reader = BufReader::new(f.unwrap());
|
let reader = BufReader::new(f.unwrap());
|
||||||
for v in reader.lines() {
|
for v in reader.lines() {
|
||||||
|
|||||||
Reference in New Issue
Block a user