Hi,
I am trying to use logstash-filter-verifier (https://github.com/magnusbaeck/logstash-filter-verifier) for verifying my logstash filter. There is a simple issue and I think that I am doing a simple mistake here, but still could not figure out this.
I have a simple filter here where it differentiates first name, last name, and age
filter {
grok {
match => ["message", "%{WORD:firstname} %{WORD:lastname} %{NUMBER:age}"]
overwrite => [ "message" ]
}
}
this is my test json file
{
"fields": {
"type": "syslog"
},
"input": [
"sameera manorathna 23"
],
"expected": [
{
"firstname": "sameera",
"lastname": "manorathna",
"host": "sameera-pc",
"message": "sameera manorathna 23",
"age": "23",
"type": "syslog"
}
]
}
And I am not providing any timestamp related values here in the test json file. But there is an error related to the timestamp
Running tests in input.json...
Comparing message 1 of 1 from input.json...
--- /tmp/286448667/input.json/1/expected 2019-04-19 09:30:59.747762719 +0530
+++ /tmp/286448667/input.json/1/actual 2019-04-19 09:30:59.747762719 +0530
@@ -1,4 +1,5 @@
{
+ "@timestamp": "2019-04-19T04:00:58.461Z",
"age": "23",
"firstname": "sameera",
"host": "sameera-pc",
Testcase failed, continuing with the rest: 1 message(s) did not match the expectations.
one or more testcases failed
This could be a stupid question. I know that this is a stupid question. But how the date filter works here?