Changing/extending the patternMap in a BasicParser

[Pieter Baele <pi...@gmail.com>]

Hi,

Maybe asked before....
Some parsers extending the BasicParser use a patternMap which refer to the
grok pattern.
But what about missing values in the patternMap?
Both the grok pattern files in hdfs need to be modified if absent, but also
the patternMap in the code.....
Or is there a dynamic way such as with GrokParser(s) that do not require
recompilation?

In this case the grok pattern is already present but the tag is sent as 2
syslog severities from the device.

Sincerely Pieter

Re: Changing/extending the patternMap in a BasicParser

[Otto Fowler <ot...@gmail.com>]

Any parsers like that are limited, and can be improved on, but if they do
that all in code, then they must be compiled to be modified.
On top of this, if they are the parsers metron ships, because they all come
bundled together, you can’t just rebuild that one parser, unless
you create a new parser from the old one suited to your needs.

Any parser that you think should be improved for this kind of usability
should have a jira logged against it describing your use case and what
you’d like to happen.



On May 1, 2019 at 02:03:48, Pieter Baele (pieter.baele@gmail.com) wrote:

Hi,

Maybe asked before....
Some parsers extending the BasicParser use a patternMap which refer to the
grok pattern.
But what about missing values in the patternMap?
Both the grok pattern files in hdfs need to be modified if absent, but also
the patternMap in the code.....
Or is there a dynamic way such as with GrokParser(s) that do not require
recompilation?

In this case the grok pattern is already present but the tag is sent as 2
syslog severities from the device.

Sincerely Pieter