Updated test cases and log path file

CSVD · May 13, 2020 · 50a1dfb · 50a1dfb
1 parent d29bd31
commit 50a1dfb
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/package/etc/conf.d/log_paths/lp-cisco_wsa.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_wsa.conf.tmpl
@@ -35,6 +35,7 @@ log{
     } elif {
         filter(f_cisco_wsa11_7);
         parser {
+            channel {
                 filter {
                     program(
                         '(?:(?<EPOCH>\d{10})(?:.(?<TIMESECFRAC>\d{1,9}))?)'
@@ -46,6 +47,7 @@ log{
                                 template("${EPOCH}.${TIMESECFRAC}")
                     );
                 };
+            };
         };
         rewrite {
                 set("cisco_wsa11_7", value("fields.sc4s_vendor_product"));
@@ -57,6 +59,7 @@ log{
 
     } else {
         parser {
+            channel {
                 filter {
                     program(
                         '(?:(?<EPOCH>\d{10})(?:.(?<TIMESECFRAC>\d{1,9}))?)'
@@ -68,6 +71,7 @@ log{
                                 template("${EPOCH}.${TIMESECFRAC}")
                     );
                 };
+            };
         };
         rewrite {
                 set("cisco_wsa", value("fields.sc4s_vendor_product"));

diff --git a/tests/test_cisco_wsa.py b/tests/test_cisco_wsa.py
@@ -51,7 +51,7 @@ def test_cisco_wsa_squid_11_7(record_property, setup_wordlist, get_host_key, set
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
     st = env.from_string(
-        "search index=netops _time={{ epoch }} sourcetype=\"cisco:wsa:squid:new\" _raw=\"{{ message }}\"")
+        "search index=netops sourcetype=\"cisco:wsa:squid:new\" _raw=\"{{ message }}\"")
     message1 = mt.render(mark="", bsd="", host="")
     search = st.render(epoch=epoch ,host=host, message=message1.lstrip().replace('"','\\"'))
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -78,7 +78,7 @@ def test_cisco_wsa_squid(record_property, setup_wordlist, get_host_key, setup_sp
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
     st = env.from_string(
-        "search index=netops _time={{ epoch }} sourcetype=\"cisco:wsa:squid\" _raw=\"{{ message }}\"")
+        "search index=netops sourcetype=\"cisco:wsa:squid\" _raw=\"{{ message }}\"")
     message1 = mt.render(mark="", bsd="", host="")
     search = st.render(epoch=epoch ,host=host, message=message1.lstrip().replace('"','\\"'))
     resultCount, eventCount = splunk_single(setup_splunk, search)