adding test cases for the log files and also fixed the pattern that was half last time

Author: vinayakg

patterns/aws

@@ -12,4 +12,4 @@ ELB_ACCESS_LOG %{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:elb} %{IP:clientip}:%{I
 
 CLOUDFRONT_ACCESS_LOG (?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\t%{TIME})\t%{WORD:x_edge_location}\t(?:%{NUMBER:sc_bytes:int}|-)\t%{IPORHOST:clientip}\t%{WORD:cs_method}\t%{HOSTNAME:cs_host}\t%{NOTSPACE:cs_uri_stem}\t%{NUMBER:sc_status:int}\t%{GREEDYDATA:referrer}\t%{GREEDYDATA:agent}\t%{GREEDYDATA:cs_uri_query}\t%{GREEDYDATA:cookies}\t%{WORD:x_edge_result_type}\t%{NOTSPACE:x_edge_request_id}\t%{HOSTNAME:x_host_header}\t%{URIPROTO:cs_protocol}\t%{INT:cs_bytes:int}\t%{GREEDYDATA:time_taken:float}\t%{GREEDYDATA:x_forwarded_for}\t%{GREEDYDATA:ssl_protocol}\t%{GREEDYDATA:ssl_cipher}\t%{GREEDYDATA:x_edge_response_result_type}
 
-ALB_ACCESS_LOG %{DATA:request_type} %{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:alb_reso
+ALB_ACCESS_LOG %{DATA:request_type} %{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:alb_resource_id} %{IP:client_ip}:%{NUMBER:client_port:int} (?:%{IP:target_ip}:%{NUMBER:target_port:int}|-) %{NUMBER:request_processing_time:float} %{NUMBER:target_processing_time:float} %{NUMBER:response_processing_time:float} (?:%{NUMBER:elb_status_code:int}|-) (?:%{NUMBER:target_status_code:int}|-) %{NUMBER:received_bytes:int} %{NUMBER:sent_bytes:int} \"(?:%{WORD:verb}|-) (?:%{GREEDYDATA:request}|-) (?:HTTP/%{NUMBER:httpversion}|-( )?)\" \"%{DATA:userAgent}\"( %{NOTSPACE:ssl_cipher} %{NOTSPACE:ssl_protocol})? %{NOTSPACE:target_group_arn}? \"%{NOTSPACE:trace_id}\" \"%{NOTSPACE:domain_name}\" \"%{NOTSPACE:chosen_cert_arn}\" %{NOTSPACE:matched_rule_priority} %{TIMESTAMP_ISO8601:request_creation_time} \"%{NOTSPACE:actions_executed}\" \"%{DATA:redirect_url}\" \"%{NOTSPACE:error_reason}\" \"%{DATA:target_port_list}\" \"%{DATA:target_status_code_list}\"

spec/patterns/aws_spec.rb

@@ -171,3 +171,43 @@
     end
   end
 end
+
+describe "ALB_ACCESS_LOG" do
+
+    let(:pattern) { "ALB_ACCESS_LOG" }
+  
+    context "parsing a ALB (Application Load Balancer) access log" do
+  
+      let(:value) { "https 2020-04-09T23:51:41.309191Z app/OJProdLoadBalancer/278a3c7472bb5054 63.143.42.244:23863 172.31.2.30:5001 0.002 0.217 0.000 200 200 448 348 \"HEAD https://abc.com:443/packages HTTP/1.1\" \"Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)\" ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 arn:aws:elasticloadbalancing:ap-south-1:855430014109:targetgroup/ABC-FrontEnd/8c8983a24851ee4a \"Root=1-5e8fb50d-df9a95404831631626fb545e\" \"abc.com\" \"arn:aws:acm:ap-south-1:855430014109:certificate/e3fb2074-0c09-4be9-a32c-5c985e540144\" 0 2020-04-09T23:51:41.090000Z \"forward\" \"-\" \"-\" \"172.31.2.30:5001\" \"200\"" }
+  
+      subject { grok_match(pattern, value) }
+  
+      it { should include("request_type" => "https" ) }
+      it { should include("timestamp" => "2020-04-09T23:51:41.309191Z" ) }
+      it { should include("alb_resource_id" => "app/OJProdLoadBalancer/278a3c7472bb5054" ) }
+      it { should include("clientip" => "63.143.42.244" ) }
+      it { should include("target_ip" =>  "172.31.2.30" ) }
+      it { should include("verb" => "HEAD" ) }
+      it { should include("request" => "https://abc.com:443/packages/maldives" ) }
+      it { should include("httpversion" => 1.1 ) }
+      it { should include("userAgent" => "Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/" ) }
+      it { should include("agent" => "Mozilla/5.0%2520(Windows%2520NT%25206.1;%2520WOW64)%2520AppleWebKit/537.36%2520(KHTML,%2520like%2520Gecko)%2520Chrome/51.0.2704.79%2520Safari/537.36" ) }
+      it { should include("ssl_cipher" => "ECDHE-RSA-AES128-GCM-SHA256" ) }
+      it { should include("ssl_protocol" => "TLSv1.2" ) }
+      it { should include("target_group_arn" => "arn:aws:elasticloadbalancing:ap-south-1:855430014109:targetgroup/ABC-FrontEnd/8c8983a24851ee4a") }
+      it { should include("trace_id" => "Root=1-5e8fb50d-df9a95404831631626fb545e" ) }
+      it { should include("domain_name" => "abc.com" ) }
+      it { should include("chosen_cert_arn" => "arn:aws:acm:ap-south-1:855430014109:certificate/e3fb2074-0c09-4be9-a32c-5c985e540144" ) }
+      it { should include("request_creation_time" => "2020-04-09T23:51:41.090000Z" ) }
+      it { should include("actions_executed" => "forward" ) }
+      it { should include("error_reason" => "-" ) }
+      it { should include("target_port_list" => "172.31.2.30:5001" ) }
+      it { should include("target_status_code_list" => "200" ) }
+  
+      ["tags", "params"].each do |attribute|
+        it "have #{attribute} as nil" do
+          expect(subject[attribute]).to be_nil
+        end
+      end
+    end
+  end