diff --git a/src/datadog/grok/parse_grok.rs b/src/datadog/grok/parse_grok.rs
index b87e280e5..cfb0139ef 100644
--- a/src/datadog/grok/parse_grok.rs
+++ b/src/datadog/grok/parse_grok.rs
@@ -420,6 +420,24 @@ mod tests { assert_eq!(error, Error::NoMatch); } + #[test] + fn fails_on_too_many_match_retries() { + let rules = parse_grok_rules( + // patterns + &[ + "%{DATA}\\s+%{word}\\s+%{notSpace}:\\s+DL=(\\[%{date(\"dd/MMM/yyyy:HH:mm:ss.SSS\"):haproxy.response_time}\\],<%{number:haproxy.pid}>,<%{number:haproxy.request.counter}>,<%{DATA:http.request.id}>,<%{number:haproxy.cpu_calls}>,<%{number:haproxy.cpu_ns_tot}>,<%{number:haproxy.cpu_ns_avg}>,<%{number:haproxy.lat_ns_tot}>,<%{number:haproxy.lat_ns_avg}>,<%{number:haproxy.frontend.log_counter}>,<%{DATA:haproxy.config.file.path}>,<%{DATA:haproxy.config.file.number}>,<%{ip:source.ip}>,<%{port:source.port}>,<%{DATA:destination.ip}>,<%{DATA:destination.port}>,<%{DATA:haproxy.frontend_name}>,<%{DATA:haproxy.frontend_name_tls}>,<%{DATA:haproxy.health.backend.name}>,<%{DATA:destination.nat.ip}>,<%{DATA:destination.nat.port}>,<%{number:haproxy.bytes_read}>,<%{number:haproxy.bytes_uploaded}>,<%{DATA:haproxy.termination_state}>,<%{DATA:haproxy.cache.hit}>,<%{DATA:haproxy.compression}>|\\[%{date(\"dd/MMM/yyyy:HH:mm:ss.SSS\"):haproxy.response_time}\\],<%{number:haproxy.pid}>,<%{number:haproxy.request.counter}>,<%{DATA:http.request.id}>,<%{number:haproxy.cpu_calls}>,<%{number:haproxy.cpu_ns_tot}>,<%{number:haproxy.cpu_ns_avg}>,<%{number:haproxy.lat_ns_tot}>,<%{number:haproxy.lat_ns_avg}>,<%{number:haproxy.frontend.log_counter}>,<%{DATA:haproxy.config.file.path}>,<%{DATA:haproxy.config.file.number}>,<%{ip:source.ip}>,<%{port:source.port}>,<%{DATA:destination.ip}>,<%{DATA:destination.port}>,<%{DATA:haproxy.frontend_name}>,<%{DATA:haproxy.frontend_name_tls}>,<%{DATA:haproxy.health.backend.name}>,<%{ip:destination.nat.ip}>,<%{port:destination.nat.port}>,<%{number:haproxy.bytes_read}>,<%{number:haproxy.bytes_uploaded}>,<%{DATA:haproxy.termination_state}>,<%{DATA:haproxy.cache.hit}>,<%{DATA:haproxy.compression}>),TML=%{DATA},QL=%{DATA:queues_log},CONNL=%{DATA},TL=<%{DATA:trace.id}>,<%{DATA:span_id}>,<%{DATA:aero.app.id}>,
<%{DATA:trace.device_id}>,<%{DATA:trace.ibe_proxy}>,<%{DATA:trace.test}>,<%{DATA:trace.test2}>,<%{boolean:recaptcha.tracking_id}>,<%{DATA:fingerprint}>,<%{DATA:test}>,<%{DATA:suspicious_client}>,<%{DATA:crawler_status}>,<%{DATA:recaptcha.score}>,<%{DATA:recaptcha.cookie}>,HL=%{DATA},AL=%{DATA},PL=%{DATA},SL=%{DATA},DDL=%{DATA},RLL=%{DATA},WL=%{DATA},MML=<%{DATA:maxmind.geo.city_name}>,<%{DATA:maxmind.geo.location.lat}>,<%{DATA:maxmind.geo.location.lon}>,<%{DATA:maxmind.geo.timezone}>,<%{DATA:maxmind.test}>,<%{DATA:maxmind.geo.country_name}>,<%{DATA:maxmind.geo.country_code}>,<%{DATA:maxmind.geo.continent_name}>,<%{DATA:maxmind.geo.continent_code}>,<%{DATA:maxmind.bar}>,<%{DATA:maxmind.foo}>,<%{DATA:maxmind.geo.region_name}>,<%{DATA:maxmind.geo.region_code}>,<%{DATA:maxmind.geo.request.limit}>,<%{DATA:maxmind.geo.request.hits}>,<%{DATA:maxmind.geo.request.action}>,<%{DATA:maxmind.geo.peak_hour_start}>,<%{DATA:maxmind.geo.peak_hour_end}>,PCL=%{DATA},BOT=<%{DATA:botmgmt.country_block_score}>,<%{DATA:botmgmt.country_recaptcha_score}>,<%{DATA:botmgmt.score}>,<%{DATA:botmgmt.crawler}>,<%{DATA:botmgmt.label}>,<%{DATA:botmgmt.verified_bot}>,<%{DATA:botmgmt.DATA_tag}>,<%{DATA:botmgmt.triggers}>,<%{DATA:botmgmt.magic}>,<%{DATA:botmgmt.magic_score}>,<%{DATA:botmgmt.ext}>,<%{DATA:botmgmt.magic_label}>,<%{DATA:botmgmt.triggers_hc}>,<%{DATA:botmgmt.verified_bot_category}>,<%{DATA:botmgmt.triggers_hc_http_req_cnt_cur}>,<%{DATA:botmgmt.triggers_hc_http_req_cnt_max}>,SPOE=%{DATA},CL=%{DATA}".to_string() + ], + BTreeMap::new() + ).expect("couldn't parse rules"); + + let parsed = parse_grok( + r#"Oct 1 03:55:13 test test-lb[1234567]: 
DL=[01/Oct/2024:03:55:12.764],<1234567>,<12345678>,<00-12312312312312312312312312312312-abc123abc123ab-01>,<1>,<1>,<1>,<1234>,<123>,<1234567>,<->,<->,<123.123.123.123>,<12345>,<123.12.1.12>,<123>,,,,<123.12.12.12>,<1234>,<+1234>,<1>,<--VN>,<1>,<1>,TML=<+123>,<+123>,<1>,<12>,<+123>,<1>,<1>,<1>,<123>,<0>,<01/Oct/2024:03:55:12.779>,<->,QL=<1>,<1>,<1>,CONNL=<12>,<1234>,<123>,<12>,<12>,<123>,<12>,<1>,<12>,<12>,<1>,TL=,,<->,<>,<->,<->,<->,,,<1>,,,<->,<->,HL=<0>,,<->,,,,<123>,,<\"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/123.12 (KHTML, like Gecko) Chrome/12.1.1234.123 Safari/123.45\">,AL=<->,,<->,,<\"\">,<\"\">,<->,<->,<->,<->,<->,<->,<->,PL=<->,<->,<->,<->,<->,,<->,<->,<->,SL=,,,<1>,<->,DDL=<1>/<12>,<12>/<123>,<->,<12>/<123>,<1>/<123>,RLL=<123>,<12>,WL=<->,MML=,<12.123456>,<0.123456>,,<12>,,,,,<1234>,,,,<->,<->,<->,<->,<->,PCL=<->,,BOT=<12>,<12>,<12>,<->,,<->,<2024-09-19T15-11-21.123456>,,<12121212121212121212121212121212121212121212121212>,<12>,,,,<->,<->,<->,SPOE=<->,,<->,PAYL=<->,<->,<->,<->,<->,<->,<->,<->,<->,<->,<->,<->,<->,<->,CL=<\"test.test.com\">,<1234>,<\"text/xml\">,<\"\">,<\"https://test.test.com/test/test/test\">,<->,<->,,<->,<\"text/xml;charset=UTF-8\">,<\"immutabl\">,,,<->,,