From 50a1dfb5dcc6beb1e3fe91c6f4d3ce68015e8c9f Mon Sep 17 00:00:00 2001
From: nkaleiya
Date: Wed, 13 May 2020 19:40:20 +0530
Subject: [PATCH] Updated test cases and log path file
---
 package/etc/conf.d/log_paths/lp-cisco_wsa.conf.tmpl | 4 ++++
 tests/test_cisco_wsa.py | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/package/etc/conf.d/log_paths/lp-cisco_wsa.conf.tmpl b/package/etc/conf.d/log_paths/lp-cisco_wsa.conf.tmpl
index e9c3704..9403f7d 100644
--- a/package/etc/conf.d/log_paths/lp-cisco_wsa.conf.tmpl
+++ b/package/etc/conf.d/log_paths/lp-cisco_wsa.conf.tmpl
@@ -35,6 +35,7 @@ log{
 } elif {
 filter(f_cisco_wsa11_7);
 parser {
+ channel {
 filter {
 program(
 '(?:(?\d{10})(?:.(?\d{1,9}))?)'
@@ -46,6 +47,7 @@ log{
 template("${EPOCH}.${TIMESECFRAC}")
 );
 };
+ };
 };
 rewrite {
 set("cisco_wsa11_7", value("fields.sc4s_vendor_product"));
@@ -57,6 +59,7 @@ log{
 } else {
 parser {
+ channel {
 filter {
 program(
 '(?:(?\d{10})(?:.(?\d{1,9}))?)'
@@ -68,6 +71,7 @@ log{
 template("${EPOCH}.${TIMESECFRAC}")
 );
 };
+ };
 };
 rewrite {
 set("cisco_wsa", value("fields.sc4s_vendor_product"));
diff --git a/tests/test_cisco_wsa.py b/tests/test_cisco_wsa.py
index f396ffd..7443348 100644
--- a/tests/test_cisco_wsa.py
+++ b/tests/test_cisco_wsa.py
@@ -51,7 +51,7 @@ def test_cisco_wsa_squid_11_7(record_property, setup_wordlist, get_host_key, set
 sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 st = env.from_string(
- "search index=netops _time={{ epoch }} sourcetype=\"cisco:wsa:squid:new\" _raw=\"{{ message }}\"")
+ "search index=netops sourcetype=\"cisco:wsa:squid:new\" _raw=\"{{ message }}\"")
 message1 = mt.render(mark="", bsd="", host="")
 search = st.render(epoch=epoch ,host=host, message=message1.lstrip().replace('"','\\"'))
 resultCount, eventCount = splunk_single(setup_splunk, search)
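Review bot: The `channel {` / `};` pair added inside `parser {` in the `f_cisco_wsa11_7` branch (and repeated in the `else` branch, hunks at -57 and -68) carries no comment on what the wrapper changes, and the hunks do not show what happens to a WSA message whose program field fails the epoch `program()` filter. If such a message leaves this log path, proxy events could go missing from the `netops` index or be stamped with receive time instead of event time, which matters to anyone correlating on them. I would add a line above each wrapper such as `# channel: epoch filter and date-parser apply together; non-matching messages <state behaviour here>` and a test that sends a line without the epoch prefix. The two wrapped blocks look identical apart from the product name set afterwards, so a single named parser referenced from both branches would keep them from drifting; both `parser` blocks start and end outside the hunks.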
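Review bot: Dropping `_time={{ epoch }}` from the search in `test_cisco_wsa_squid_11_7` (and likewise in `test_cisco_wsa_squid`, hunk at -78) means neither test checks any longer that the event was indexed at the time carried in the message, which is what the date-parser touched in the same commit is there to produce. `st.render(epoch=epoch ,host=host, ...)` still passes `epoch`, which the template no longer uses. If the exact match was failing, for instance because of the fractional part, I would keep a bounded time check (Splunk's `earliest=`/`latest=` modifiers around `epoch`, or an assertion on the returned event's `_time`) rather than none; otherwise add `# _time omitted: <reason>` above the template and drop the unused `epoch=` argument. Both function bodies start and end outside the hunks.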
@@ -78,7 +78,7 @@ def test_cisco_wsa_squid(record_property, setup_wordlist, get_host_key, setup_sp
 sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 st = env.from_string(
- "search index=netops _time={{ epoch }} sourcetype=\"cisco:wsa:squid\" _raw=\"{{ message }}\"")
+ "search index=netops sourcetype=\"cisco:wsa:squid\" _raw=\"{{ message }}\"")
 message1 = mt.render(mark="", bsd="", host="")
 search = st.render(epoch=epoch ,host=host, message=message1.lstrip().replace('"','\\"'))
 resultCount, eventCount = splunk_single(setup_splunk, search)