Skip to content

Commit

Permalink
make DRY
Browse files Browse the repository at this point in the history
  • Loading branch information
rfaircloth-splunk committed Feb 10, 2020
1 parent a101417 commit 8ba5806
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 33 deletions.
21 changes: 20 additions & 1 deletion package/etc/conf.d/filters/cisco/ucm.conf
Original file line number Diff line number Diff line change
Expand Up @@ -10,4 +10,23 @@ filter f_cisco_ucm_message {
'^(<\d{1,3}>)\d*: (?:([^:]+): )?(.*) : (%.*)'
flags(store-matches)
);
};
};

parser p_cisco_ucm_date {
#Oct 14 2015 05:50:19 AM.484 UTC
#Apr 21 19:01:35.638 UTC
date-parser(format(
'%b %d %Y %I:%M:%S %p.%f %Z',
'%b %d %H:%M:%S.%f %Z'
)
template("$3"));
};

rewrite r_cisco_ucm_message {
set("cisco_ucm" value("fields.sc4s_syslog_format"));
set("cisco_ucm" value("fields.sc4s_vendor_product"));
set("$HOST_FROM" value("HOST") );
set("$2" value("HOST") condition(match("^..." template("${2}"))) );
set("$4" value("MESSAGE"));
};

36 changes: 4 additions & 32 deletions package/etc/go_templates/source_network.t
Original file line number Diff line number Diff line change
Expand Up @@ -89,22 +89,8 @@ source s_{{ .port_id }} {
parser (p_cisco_meraki);
rewrite(set_rfc5424_epochtime);
{{ else if eq .parser "cisco_ucm" }}
parser {
#Oct 14 2015 05:50:19 AM.484 UTC
#Apr 21 19:01:35.638 UTC
date-parser(format(
'%b %d %Y %I:%M:%S %p.%f %Z',
'%b %d %H:%M:%S.%f %Z'
)
template("$3"));
};
rewrite {
set("cisco_ucm" value("fields.sc4s_syslog_format"));
set("cisco_ucm" value("fields.sc4s_vendor_product"));
set("$HOST_FROM" value("HOST") );
set("$2" value("HOST") condition(match("^..." template("${2}"))) );
set("$4" value("MESSAGE"));
};
parser (p_cisco_ucm_date);
rewrite (r_cisco_ucm_message);
{{ else if eq .parser "no_parse" }}
rewrite(set_no_parse);
{{ else }}
Expand All @@ -119,22 +105,8 @@ source s_{{ .port_id }} {
rewrite(set_rfc5424_epochtime);
} elif {
filter(f_cisco_ucm_message);
parser {
#Oct 14 2015 05:50:19 AM.484 UTC
#Apr 21 19:01:35.638 UTC
date-parser(format(
'%b %d %Y %I:%M:%S %p.%f %Z',
'%b %d %H:%M:%S.%f %Z'
)
template("$3"));
};
rewrite {
set("cisco_ucm" value("fields.sc4s_syslog_format"));
set("cisco_ucm" value("fields.sc4s_vendor_product"));
set("$HOST_FROM" value("HOST") );
set("$2" value("HOST") condition(match("^..." template("${2}"))) );
set("$4" value("MESSAGE"));
};
parser (p_cisco_ucm_date);
rewrite (r_cisco_ucm_message);
} elif {
filter(f_rfc3164_version);
rewrite(set_rfc3164_no_version_string);
Expand Down

0 comments on commit 8ba5806

Please sign in to comment.