
Commit 372ea47

authored
Merge pull request #201 from UncoderIO/gis-8557
Gis 8557 splunk fixes
2 parents 2edcac1 + d9e767d commit 372ea47


1 file changed

+4
-0
lines changed

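--- a/uncoder-core/app/translator/platforms/base/spl/parsers/spl.py
+++ b/uncoder-core/app/translator/platforms/base/spl/parsers/spl.py
@@ -29,6 +29,7 @@
 
 class SplQueryParser(PlatformQueryParser):
 log_source_pattern = r"^___source_type___\s*=\s*(?:\"(?P<d_q_value>[%a-zA-Z_*:0-9\-/]+)\"|(?P<value>[%a-zA-Z_*:0-9\-/]+))(?:\s+(?:and|or)\s+|\s+)?" # noqa: E501
+rule_name_pattern = r"`(?P<name>(?:[:a-zA-Z*0-9=+%#\-_/,;`?~‘\'.<>$&^@!\]\[()\s])*)`"
 log_source_key_types = ("index", "source", "sourcetype", "sourcecategory")
 
 platform_functions: SplFunctions = None
@@ -53,6 +54,9 @@ def _parse_log_sources(self, query: str) -> tuple[dict[str, list[str]], str]:
 return log_sources, query
 
 def _parse_query(self, query: str) -> tuple[str, dict[str, list[str]], ParsedFunctions]:
+if re.match(self.rule_name_pattern, query):
+search = re.search(self.rule_name_pattern, query, flags=re.IGNORECASE)
+query = query[:search.start()] + query[search.end():]
 query = query.strip()
 log_sources, query = self._parse_log_sources(query)
 query, functions = self.platform_functions.parse(query)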
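Review bot: The character class in `rule_name_pattern` contains the backtick itself along with `\s` and `=`, and the quantifier is greedy, so when a query opens with a macro and has another backtick before the first character outside the class (a pipe or a double quote, for example), the match runs to the last such backtick and `_parse_query` cuts out everything in between. That can drop filter terms or log-source fields from the translated detection without any error. Removing the backtick from the class, or making the quantifier lazy (`*?`), keeps the match to the leading macro only. The `re.match` followed by `re.search` is also redundant, since the match is anchored at position 0 and `re.IGNORECASE` changes nothing for a class that already lists both cases; `match = re.match(self.rule_name_pattern, query)` followed by `if match: query = query[match.end():]` does the same work in one pass. `_parse_query` continues past the end of the hunk.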
