Skip to content

Commit

Permalink
Fixed test case for corrected new metric name and for vs-code executi…
Browse files Browse the repository at this point in the history 
…on with -det args
  • Loading branch information
rfaircloth-splunk committed May 16, 2020
1 parent 8eaea05 commit a84f57d
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl
View file
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
log {
source(s_internal);

if (match("^Log statistics; " value("MESSAGE"))) {
if (match("Log statistics; " value("MESSAGE"))) {

rewrite { r_set_splunk_dest_default(sourcetype("sc4s:metrics"), index("em_metrics")) };

parser {p_add_context_splunk(key("sc4s_metrics")); };
rewrite {
subst('Log statistics; ', '', value("MESSAGE"), flags("utf8" "global"));
subst('.*Log statistics; ', '', value("MESSAGE"), flags("utf8" "global"));
subst('([^= ]+=\x27[^\(]+\(#anon[^,\)]+(?:,[^,]+,[^\)]+)?\)\=\d+\x27(?:, )?)', '', value("MESSAGE"), flags("utf8" "global"));
subst('(?<Type>[^= ]+)=\x27(?<SourceName>[^\(]+)\((?<SourceId>\S+(?=\)=))(?:,(?<SourceInstance>[^,]+),(?<State>[^\)]+))?\)\=(?<Number>\d+)\x27,? ?',
'{"time": "$S_UNIXTIME","event": "metric","host": "$HOST","index": "${.splunk.index}","source": "internal","sourcetype": "${.splunk.sourcetype}","fields": {"source_name": "${SourceName}","source_instance": "${SourceInstance}","state": "${State}","type": "${Type}","_value": ${Number},"metric_name": "syslogng.${SourceId}"}}
Expand Down
4 changes: 2 additions & 2 deletions tests/test_common.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,14 +109,14 @@ def test_fallback(record_property, setup_wordlist, setup_splunk, setup_sc4s):
def test_metrics(record_property, setup_wordlist, setup_splunk, setup_sc4s):

st = env.from_string(
'mcatalog values(metric_name) WHERE metric_name="syslogng.d_*#0" AND ("index"="*" OR "index"="_*") BY index | fields index')
'mcatalog values(metric_name) WHERE metric_name="syslogng.*" AND ("index"="*" OR "index"="_*") BY metric_name | fields metric_name')
search = st.render()

resultCount, eventCount = splunk_single(setup_splunk, search)

record_property("resultCount", resultCount)

assert resultCount == 1
assert resultCount != 0


def test_tz_guess(record_property, setup_wordlist, setup_splunk, setup_sc4s):
Expand Down

0 comments on commit a84f57d

Please sign in to comment.