2 parents2edcac1 +d9e767d commit372ea47Copy full SHA for 372ea47
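--- a/uncoder-core/app/translator/platforms/base/spl/parsers/spl.py
+++ b/uncoder-core/app/translator/platforms/base/spl/parsers/spl.py
@@ -29,6 +29,7 @@
 
 classSplQueryParser(PlatformQueryParser):
 log_source_pattern=r"^___source_type___\s*=\s*(?:\"(?P<d_q_value>[%a-zA-Z_*:0-9\-/]+)\"|(?P<value>[%a-zA-Z_*:0-9\-/]+))(?:\s+(?:and|or)\s+|\s+)?"# noqa: E501
+rule_name_pattern=r"`(?P<name>(?:[:a-zA-Z*0-9=+%#\-_/,;`?~‘\'.<>$&^@!\]\[()\s])*)`"
 log_source_key_types= ("index","source","sourcetype","sourcecategory")
 
 platform_functions:SplFunctions=None
@@ -53,6 +54,9 @@ def _parse_log_sources(self, query: str) -> tuple[dict[str, list[str]], str]:
 returnlog_sources,query
 
 def_parse_query(self,query:str)->tuple[str,dict[str,list[str]],ParsedFunctions]:
+ifre.match(self.rule_name_pattern,query):
+search=re.search(self.rule_name_pattern,query,flags=re.IGNORECASE)
+query=query[:search.start()]+query[search.end():]
 query=query.strip()
 log_sources,query=self._parse_log_sources(query)
 query,functions=self.platform_functions.parse(query)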
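Review bot: The character class in `rule_name_pattern` contains the backtick itself and is repeated greedily, so the match in `_parse_query` runs to the last backtick reachable through the allowed characters rather than to the first closing one. For a query that starts with a backticked name and has a second backticked token later in the same clause, everything between them is cut out before `_parse_log_sources` runs, including `index=`/`sourcetype=` terms (`=`, `*` and whitespace are all in the class), so the translated detection would silently lose those conditions. Taking the backtick out of the class, or using a negated class for the name, stops the match at the first closing backtick. The `re.match` guard also lacks the `re.IGNORECASE` flag passed to `re.search`, and the second scan is redundant: `match = re.match(self.rule_name_pattern, query)` followed by `if match: query = query[match.end():]` does the same in one pass. The body of `_parse_query` continues past the end of this hunk.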