@@ -141,7 +141,7 @@ func (n *Node) validate(ectx EnricherCtx) error {
141141 return nil
142142}
143143
144- func (n * Node ) processFilter (cachedExprEnv map [string ]interface {} ) (bool , error ) {
144+ func (n * Node ) processFilter (cachedExprEnv map [string ]any ) (bool , error ) {
145145 clog := n .Logger
146146 if n .RunTimeFilter == nil {
147147 clog .Tracef ("Node has not filter, enter" )
@@ -173,7 +173,7 @@ func (n *Node) processFilter(cachedExprEnv map[string]interface{}) (bool, error)
173173 return true , nil
174174}
175175
176- func (n * Node ) processWhitelist (cachedExprEnv map [string ]interface {} , p * types.Event ) (bool , error ) {
176+ func (n * Node ) processWhitelist (cachedExprEnv map [string ]any , p * types.Event ) (bool , error ) {
177177 var exprErr error
178178
179179 isWhitelisted := n .CheckIPsWL (p )
@@ -207,8 +207,9 @@ func (n *Node) processWhitelist(cachedExprEnv map[string]interface{}, p *types.E
207207
208208func (n * Node ) processGrok (p * types.Event , cachedExprEnv map [string ]any ) (bool , bool , error ) {
209209 // Process grok if present, should be exclusive with nodes :)
210+ var nodeHasOKGrok bool
211+
210212 clog := n .Logger
211- var NodeHasOKGrok bool
212213 gstr := ""
213214
214215 if n .Grok .RunTimeRegexp == nil {
@@ -263,7 +264,7 @@ func (n *Node) processGrok(p *types.Event, cachedExprEnv map[string]any) (bool,
263264 }
264265
265266 /*tag explicitly that the *current* node had a successful grok pattern. it's important to know success state*/
266- NodeHasOKGrok = true
267+ nodeHasOKGrok = true
267268
268269 clog .Debugf ("+ Grok '%s' returned %d entries to merge in Parsed" , groklabel , len (grok ))
269270 // We managed to grok stuff, merged into parse
@@ -278,22 +279,74 @@ func (n *Node) processGrok(p *types.Event, cachedExprEnv map[string]any) (bool,
278279 return false , false , err
279280 }
280281
281- return true , NodeHasOKGrok , nil
282+ return true , nodeHasOKGrok , nil
282283}
283284
284- func (n * Node ) process (p * types.Event , ctx UnixParserCtx , expressionEnv map [string ]interface {}) (bool , error ) {
285+ func (n * Node ) processStash (p * types.Event , cachedExprEnv map [string ]any , logger * log.Entry ) error {
286+ for idx , stash := range n .Stash {
287+ var (
288+ key string
289+ value string
290+ )
291+
292+ if stash .ValueExpression == nil {
293+ logger .Warningf ("Stash %d has no value expression, skipping" , idx )
294+ continue
295+ }
296+
297+ if stash .KeyExpression == nil {
298+ logger .Warningf ("Stash %d has no key expression, skipping" , idx )
299+ continue
300+ }
301+ // collect the data
302+ output , err := exprhelpers .Run (stash .ValueExpression , cachedExprEnv , logger , n .Debug )
303+ if err != nil {
304+ logger .Warningf ("Error while running stash val expression : %v" , err )
305+ }
306+ // can we expect anything else than a string ?
307+ switch output := output .(type ) {
308+ case string :
309+ value = output
310+ default :
311+ logger .Warningf ("unexpected type %t (%v) while running '%s'" , output , output , stash .Value )
312+ continue
313+ }
314+
315+ // collect the key
316+ output , err = exprhelpers .Run (stash .KeyExpression , cachedExprEnv , logger , n .Debug )
317+ if err != nil {
318+ logger .Warningf ("Error while running stash key expression : %v" , err )
319+ }
320+ // can we expect anything else than a string ?
321+ switch output := output .(type ) {
322+ case string :
323+ key = output
324+ default :
325+ logger .Warningf ("unexpected type %t (%v) while running '%s'" , output , output , stash .Key )
326+ continue
327+ }
328+
329+ if err = cache .SetKey (stash .Name , key , value , & stash .TTLVal ); err != nil {
330+ logger .Warningf ("failed to store data in cache: %s" , err .Error ())
331+ }
332+ }
333+
334+ return nil
335+ }
336+
337+ func (n * Node ) process (p * types.Event , ctx UnixParserCtx , expressionEnv map [string ]any ) (bool , error ) {
285338 clog := n .Logger
286339
287340 cachedExprEnv := expressionEnv
288341
289342 clog .Tracef ("Event entering node" )
290343
291- NodeState , err := n .processFilter (cachedExprEnv )
344+ nodeState , err := n .processFilter (cachedExprEnv )
292345 if err != nil {
293346 return false , err
294347 }
295348
296- if ! NodeState {
349+ if ! nodeState {
297350 return false , nil
298351 }
299352
@@ -306,58 +359,15 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
306359 return false , err
307360 }
308361
309- NodeState , NodeHasOKGrok , err := n .processGrok (p , cachedExprEnv )
362+ nodeState , nodeHasOKGrok , err := n .processGrok (p , cachedExprEnv )
310363 if err != nil {
311364 return false , err
312365 }
313366
314- // Process the stash (data collection) if : a grok was present and succeeded, or if there is no grok
315- if NodeHasOKGrok || n .Grok .RunTimeRegexp == nil {
316- for idx , stash := range n .Stash {
317- var (
318- key string
319- value string
320- )
321-
322- if stash .ValueExpression == nil {
323- clog .Warningf ("Stash %d has no value expression, skipping" , idx )
324- continue
325- }
326-
327- if stash .KeyExpression == nil {
328- clog .Warningf ("Stash %d has no key expression, skipping" , idx )
329- continue
330- }
331- // collect the data
332- output , err := exprhelpers .Run (stash .ValueExpression , cachedExprEnv , clog , n .Debug )
333- if err != nil {
334- clog .Warningf ("Error while running stash val expression : %v" , err )
335- }
336- // can we expect anything else than a string ?
337- switch output := output .(type ) {
338- case string :
339- value = output
340- default :
341- clog .Warningf ("unexpected type %t (%v) while running '%s'" , output , output , stash .Value )
342- continue
343- }
344-
345- // collect the key
346- output , err = exprhelpers .Run (stash .KeyExpression , cachedExprEnv , clog , n .Debug )
347- if err != nil {
348- clog .Warningf ("Error while running stash key expression : %v" , err )
349- }
350- // can we expect anything else than a string ?
351- switch output := output .(type ) {
352- case string :
353- key = output
354- default :
355- clog .Warningf ("unexpected type %t (%v) while running '%s'" , output , output , stash .Key )
356- continue
357- }
358- if err = cache .SetKey (stash .Name , key , value , & stash .TTLVal ); err != nil {
359- clog .Warningf ("failed to store data in cache: %s" , err .Error ())
360- }
367+ // Process the stash (data collection) if: a grok was present and succeeded, or if there is no grok
368+ if nodeHasOKGrok || n .Grok .RunTimeRegexp == nil {
369+ if err := n .processStash (p , cachedExprEnv , clog ); err != nil {
370+ return false , err
361371 }
362372 }
363373
@@ -375,34 +385,34 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
375385 clog .Tracef ("\t sub-node (%s) ret : %v (strategy:%s)" , leaves [idx ].rn , ret , n .OnSuccess )
376386
377387 if ret {
378- NodeState = true
388+ nodeState = true
379389 /* if child is successful, stop processing */
380390 if n .OnSuccess == "next_stage" {
381391 clog .Debugf ("child is success, OnSuccess=next_stage, skip" )
382392 break
383393 }
384- } else if ! NodeHasOKGrok {
394+ } else if ! nodeHasOKGrok {
385395 /*
386396 If the parent node has a successful grok pattern, it's state will stay successful even if one or more chil fails.
387397 If the parent node is a skeleton node (no grok pattern), then at least one child must be successful for it to be a success.
388398 */
389- NodeState = false
399+ nodeState = false
390400 }
391401 }
392402 /*todo : check if a node made the state change ?*/
393403 /* should the childs inherit the on_success behavior */
394404
395- clog .Tracef ("State after nodes : %v" , NodeState )
405+ clog .Tracef ("State after nodes : %v" , nodeState )
396406
397407 // grok or leafs failed, don't process statics
398- if ! NodeState {
408+ if ! nodeState {
399409 if n .Name != "" {
400410 metrics .NodesHitsKo .With (prometheus.Labels {"source" : p .Line .Src , "type" : p .Line .Module , "name" : n .Name , "stage" : p .Stage , "acquis_type" : p .Line .Labels ["type" ]}).Inc ()
401411 }
402412
403413 clog .Debugf ("Event leaving node : ko" )
404414
405- return NodeState , nil
415+ return nodeState , nil
406416 }
407417
408418 if n .Name != "" {
@@ -425,7 +435,7 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
425435 clog .Tracef ("! No node statics" )
426436 }
427437
428- if NodeState {
438+ if nodeState {
429439 clog .Debugf ("Event leaving node : ok" )
430440 log .Tracef ("node is successful, check strategy" )
431441
@@ -447,15 +457,15 @@ func (n *Node) process(p *types.Event, ctx UnixParserCtx, expressionEnv map[stri
447457
448458 clog .Tracef ("Node successful, continue" )
449459
450- return NodeState , nil
460+ return nodeState , nil
451461}
452462
453463func (n * Node ) compile (pctx * UnixParserCtx , ectx EnricherCtx ) error {
454464 var err error
455465
456466 valid := false
457-
458467 dumpr := spew.ConfigState {MaxDepth : 1 , DisablePointerAddresses : true }
468+
459469 n .rn = seed .Generate ()
460470
461471 n .EnrichFunctions = ectx
@@ -482,7 +492,7 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
482492
483493 // compile filter if present
484494 if n .Filter != "" {
485- n .RunTimeFilter , err = expr .Compile (n .Filter , exprhelpers .GetExprOptions (map [string ]interface {} {"evt" : & types.Event {}})... )
495+ n .RunTimeFilter , err = expr .Compile (n .Filter , exprhelpers .GetExprOptions (map [string ]any {"evt" : & types.Event {}})... )
486496 if err != nil {
487497 return fmt .Errorf ("compilation of '%s' failed: %v" , n .Filter , err )
488498 }
@@ -543,7 +553,7 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
543553 /*if grok source is an expression*/
544554 if n .Grok .ExpValue != "" {
545555 n .Grok .RunTimeValue , err = expr .Compile (n .Grok .ExpValue ,
546- exprhelpers .GetExprOptions (map [string ]interface {} {"evt" : & types.Event {}})... )
556+ exprhelpers .GetExprOptions (map [string ]any {"evt" : & types.Event {}})... )
547557 if err != nil {
548558 return fmt .Errorf ("while compiling grok's expression: %w" , err )
549559 }
@@ -554,7 +564,7 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
554564 for idx := range n .Grok .Statics {
555565 if n .Grok .Statics [idx ].ExpValue != "" {
556566 n .Grok .Statics [idx ].RunTimeValue , err = expr .Compile (n .Grok .Statics [idx ].ExpValue ,
557- exprhelpers .GetExprOptions (map [string ]interface {} {"evt" : & types.Event {}})... )
567+ exprhelpers .GetExprOptions (map [string ]any {"evt" : & types.Event {}})... )
558568 if err != nil {
559569 return err
560570 }
@@ -566,13 +576,13 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
566576 /* load data capture (stash) */
567577 for i , stash := range n .Stash {
568578 n .Stash [i ].ValueExpression , err = expr .Compile (stash .Value ,
569- exprhelpers .GetExprOptions (map [string ]interface {} {"evt" : & types.Event {}})... )
579+ exprhelpers .GetExprOptions (map [string ]any {"evt" : & types.Event {}})... )
570580 if err != nil {
571581 return fmt .Errorf ("while compiling stash value expression: %w" , err )
572582 }
573583
574584 n .Stash [i ].KeyExpression , err = expr .Compile (stash .Key ,
575- exprhelpers .GetExprOptions (map [string ]interface {} {"evt" : & types.Event {}})... )
585+ exprhelpers .GetExprOptions (map [string ]any {"evt" : & types.Event {}})... )
576586 if err != nil {
577587 return fmt .Errorf ("while compiling stash key expression: %w" , err )
578588 }
@@ -622,7 +632,7 @@ func (n *Node) compile(pctx *UnixParserCtx, ectx EnricherCtx) error {
622632 /* load statics if present */
623633 for idx := range n .Statics {
624634 if n .Statics [idx ].ExpValue != "" {
625- n .Statics [idx ].RunTimeValue , err = expr .Compile (n .Statics [idx ].ExpValue , exprhelpers .GetExprOptions (map [string ]interface {} {"evt" : & types.Event {}})... )
635+ n .Statics [idx ].RunTimeValue , err = expr .Compile (n .Statics [idx ].ExpValue , exprhelpers .GetExprOptions (map [string ]any {"evt" : & types.Event {}})... )
626636 if err != nil {
627637 n .Logger .Errorf ("Statics Compilation failed %v." , err )
628638 return err
0 commit comments