my own named pattern matches are not returned

[ejtaal]

Hi,

Thanks for your cool library, I'm becoming a very happy user :)

One question if I may, as I'm wondering if this is a bug or not:

Input: Aug 12 11:45:23 fshq-mis snmpd[7074]: Received SNMP packet(s) from UDP: [127.0.0.1]:58249 Regexp: (?<bd>\d+).*%{IP:blah}

Returned: array(1) { ["blah"]=> string(9) "127.0.0.1" }

Expected: array(5) { [0]=> string(78) "12 11:45:23 fshq-mis snmpd[7074]: Received SNMP packet(s) from UDP: [127.0.0.1" ["bd"]=> string(2) "12" [1]=> string(2) "12" ["blah"]=> string(9) "127.0.0.1" [2]=> string(9) "127.0.0.1" }

Fair enough, the [0] [1] and [2] could be omitted perhaps, but would it be possible to perhaps make this an option to include our own named patterns? I can see it's something to do with Fieldmap but before I start hacking wish to know if the above is by design or not.

Thanks and regards, Erik

[kos4live]

Hi Erik,

sorry for my late answer. Maybe i miss understand you, you can add custom patterns by using method addPattern('grokName', 'regex'). The numeric index is completly replaced by a named key array, based on your Grok-Naming (%{IP:blah}, for example: blah). You will only get named pattern in the result array. If you wish to add bd to array, try this (untested):

$grok = new Grok;
$grok->addPattern('CUSTOM_DECIMAL', '(:?\d+)');
$result = $grok->parse('%{CUSTOM_DECIMAL:bd}.*%{IP:blah}', 'Aug 12 11:45:23 fshq-mis snmpd[7074]: Received SNMP packet(s) from UDP: [127.0.0.1]:58249');

$result should be returned:

array(2) {
    ["bd"]=>
    string(2) "12"
    ["blah"]=>
    string(9) "127.0.0.1"
}