metron-dev mailing list archives

From dlyle65535 <>
Subject [GitHub] incubator-metron pull request #202: METRON-242: Remove Squid Pattern
Date Tue, 26 Jul 2016 21:52:55 GMT
GitHub user dlyle65535 opened a pull request:

    METRON-242: Remove Squid Pattern

    Squid emits access log lines with and without an ip_dst_addr. I replaced the Squid grok
pattern with a pattern that:
    1) Better handles the non-whitespace characters that appear after the timestamp
    2) Is tolerant to different characters between the url and the ip_dst_addr
    3) Makes ip_dst_addr optional
    In order to test both, I refactored the GrokParserTest to allow testing of different patterns
with a single grok statement.
    This was tested on quick-dev-platform.
    Please don't let the JIRA title fool you, the Requester asked to remove it or add a better
one. I chose to add a better one.

You can merge this pull request into a Git repository by running:

    $ git pull METRON-242

Alternatively you can review and apply these changes as the patch at:

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #202
commit 05f6738dcb5bc8340f321726570e32582c06c0a3
Author: David Lyle <>
Date:   2016-07-26T15:22:08Z

    METRON-242: Remove Squid Pattern


If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at or file a JIRA ticket
with INFRA.
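
The three properties listed in the pull request description, shown as an added example that is not the grok pattern from the pull request or any Metron code. It assumes Squid's native access.log layout; every field name other than ip_dst_addr, the `parse_squid` helper and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Assumed layout: Squid's native access.log format.
# time elapsed client action/status bytes method url [ident hierarchy/peer type]
SQUID_RE = re.compile(
    r"^(?P<timestamp>\d+(?:\.\d+)?)\S*\s+"   # 1) ignore extra non-whitespace after the timestamp
    r"(?P<elapsed>\d+)\s+(?P<ip_src_addr>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<code>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<url>\S+)"
    r"(?:\s+\S+\s+[^/\s]+/(?P<peer>\S+))?"   # 2) any ident/hierarchy text; 3) tail optional
)

# Constructed sample lines (documentation addresses and example domains).
SAMPLE_LINES = [
    "1461576382.642    161 127.0.0.1 TCP_MISS/200 103701 GET http://www.example.com/ - DIRECT/192.0.2.10 text/html",
    "1461576442.228    159 127.0.0.1 TCP_DENIED/403 3987 GET http://blocked.example.net/ - NONE/- text/html",
    "1467011157.401    415 127.0.0.1 TCP_TUNNEL/200 5012 CONNECT secure.example.org:443 - HIER_DIRECT/2001:db8::5 -",
]

def parse_squid(line):
    """Return a dict of fields, or None if the line is not a Squid access entry."""
    m = SQUID_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    peer = rec.pop("peer")
    try:
        # Only a literal IPv4/IPv6 address becomes ip_dst_addr; "-" or a
        # hostname leaves the field empty instead of failing the whole line.
        rec["ip_dst_addr"] = str(ipaddress.ip_address(peer)) if peer else None
    except ValueError:
        rec["ip_dst_addr"] = None
    rec["timestamp"] = float(rec["timestamp"])
    for key in ("elapsed", "code", "bytes"):
        rec[key] = int(rec[key])
    return rec

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_squid(line)
        print(rec["action"], rec["url"], rec["ip_dst_addr"])
```

A denied or cache-only request still yields a record with an empty destination, so the event is not lost to a parse failure before it reaches enrichment or alerting.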
