fix: fix app-syslog-pure_storage (#2268)

splunk · Nov 21, 2023 · 0515179 · 0515179
1 parent 620e7c4
commit 0515179
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 9 deletions.
diff --git a/package/etc/conf.d/conflib/syslog/app-syslog-pure_storage.conf b/package/etc/conf.d/conflib/syslog/app-syslog-pure_storage.conf
@@ -28,7 +28,8 @@ block parser app-syslog-pure_storage() {
 };
 application app-syslog-pure_storage[sc4s-syslog-pgm] {
 	filter {
-        program('^purity\.');
+        program('^purity\.')
+        or program('space_utility_json.py');
     };	
     parser { app-syslog-pure_storage(); };
 };
diff --git a/package/lite/etc/addons/purestorage/app-syslog-pure_storage.conf b/package/lite/etc/addons/purestorage/app-syslog-pure_storage.conf
@@ -28,7 +28,8 @@ block parser app-syslog-pure_storage() {
 };
 application app-syslog-pure_storage[sc4s-syslog-pgm] {
 	filter {
-        program('^purity\.');
-    };	
+        program('^purity\.')
+        or program('space_utility_json.py');
+    };
     parser { app-syslog-pure_storage(); };
 };
diff --git a/tests/test_purestorage.py b/tests/test_purestorage.py
@@ -16,8 +16,22 @@
 env = Environment(autoescape=select_autoescape(default_for_string=False))
 
 # <182>Jan 19 10:47:33 host purity.test: INFO [root] This is a test message generated by Pure Storage FlashArray. UTC Time: 2022 Jan 19 15:47:33 Array Name: TTDSA-PS02
+# <182>Oct  3 15:23:39 host /space_utility_json.py[98617]: {"payload": {"effective_used": 111111111111111, "total_extents": 111111111, "legacy_effective_used": 111111111111111, "legacy_total_extents": 111111111, "data_reduction": "1.111111111111111", "array_id": "1111111-111111111-111111111111111111", "version": "3.1", "product": "XX", "timestamp": "2023-10-03T19:23:37.924870+00:00"}, "signature": "XXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-XX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXX__XXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXX"}
+
+test_data = [
+        {
+            "template": "{{mark}}{{ bsd }} {{ host }} purity.test: INFO [root] This is a test message generated by Pure Storage FlashArray. UTC Time: 2022 Jan 19 15:47:33 Array Name: TTDSA-PS02\n",
+            "sourcetype": "purestorage:array:test"
+        },
+        {
+            "template": '{{mark}}{{ bsd }} {{ host }} /space_utility_json.py[98617]: {"payload": {"effective_used": 111111111111111, "total_extents": 111111111, "legacy_effective_used": 111111111111111, "legacy_total_extents": 111111111, "data_reduction": "1.111111111111111", "array_id": "1111111-111111111-111111111111111111", "version": "3.1", "product": "XX", "timestamp": "2023-10-03T19:23:37.924870+00:00"}, "signature": "XXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-XX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXX__XXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXX"}',
+            "sourcetype": "purestorage:array"
+        }
+]
+
+@pytest.mark.parametrize("test_case", test_data)
 @pytest.mark.addons("purestorage")
-def test_pure_storage(record_property,  setup_splunk, setup_sc4s):
+def test_pure_storage(record_property, setup_splunk, setup_sc4s, test_case):
     host = f"{shortuuid.ShortUUID().random(length=5).lower()}-{shortuuid.ShortUUID().random(length=5).lower()}"
 
     dt = datetime.datetime.now()
@@ -26,16 +40,14 @@ def test_pure_storage(record_property,  setup_splunk, setup_sc4s):
     # Tune time functions
     epoch = epoch[:-7]
 
-    mt = env.from_string(
-        "{{mark}}{{ bsd }} {{ host }} purity.test: INFO [root] This is a test message generated by Pure Storage FlashArray. UTC Time: 2022 Jan 19 15:47:33 Array Name: TTDSA-PS02\n"
-    )
+    mt = env.from_string(test_case["template"])
     message = mt.render(mark="<27>", bsd=bsd, host=host)
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
     st = env.from_string(
-        'search _time={{ epoch }} index=infraops sourcetype=purestorage:array:test host="{{key}}"'
+        'search _time={{ epoch }} index=infraops sourcetype={{sourcetype}} host="{{key}}"'
     )
-    search = st.render(epoch=epoch, key=host)
+    search = st.render(epoch=epoch, sourcetype=test_case["sourcetype"], key=host)
 
     result_count, _ = splunk_single(setup_splunk, search)