Docs: Fix & test more grok processor documentation (#49447)

The documentation contained a small error, as bytes and duration was not properly converted to a number and thus remained a string. The documentation is now also properly tested by providing a full blown simulate pipeline example.
2019-12-03 11:47:27 +01:00 · 2019-12-03 11:47:27 +01:00 · 6e751f5536
parent 0592b3c726
commit 6e751f5536
1 changed files with 38 additions and 32 deletions
--- a/docs/reference/ingest/processors/grok.asciidoc
+++ b/docs/reference/ingest/processors/grok.asciidoc
@ -68,53 +68,59 @@ include::common-options.asciidoc[]
 Here is an example of using the provided patterns to extract out and name structured fields from a string field in
 a document.

-[source,js]
+[source,console]
 --------------------------------------------------
+POST _ingest/pipeline/_simulate
 {
-  "message": "55.3.244.1 GET /index.html 15824 0.043"
-}
--------------------------------------------------
-// NOTCONSOLE
-
-The pattern for this could be:
-
-[source,txt]
--------------------------------------------------
-%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}
--------------------------------------------------
-
-Here is an example pipeline for processing the above document by using Grok:
-
-[source,js]
--------------------------------------------------
-{
-  "description" : "...",
-  "processors": [
+  "pipeline": {
+    "description" : "...",
+    "processors": [
+      {
+        "grok": {
+          "field": "message",
+          "patterns": ["%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes:int} %{NUMBER:duration:double}"]
+        }
+      }
+    ]
+  },
+  "docs":[
    {
-      "grok": {
-        "field": "message",
-        "patterns": ["%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}"]
+      "_source": {
+        "message": "55.3.244.1 GET /index.html 15824 0.043"
      }
    }
  ]
 }
 --------------------------------------------------
-// NOTCONSOLE

 This pipeline will insert these named captures as new fields within the document, like so:

-[source,js]
+[source,console-result]
 --------------------------------------------------
 {
-  "message": "55.3.244.1 GET /index.html 15824 0.043",
-  "client": "55.3.244.1",
-  "method": "GET",
-  "request": "/index.html",
-  "bytes": 15824,
-  "duration": "0.043"
+  "docs": [
+    {
+      "doc": {
+        "_index": "_index",
+        "_type": "_doc",
+        "_id": "_id",
+        "_source" : {
+          "duration" : 0.043,
+          "request" : "/index.html",
+          "method" : "GET",
+          "bytes" : 15824,
+          "client" : "55.3.244.1",
+          "message" : "55.3.244.1 GET /index.html 15824 0.043"
+        },
+        "_ingest": {
+          "timestamp": "2016-11-08T19:43:03.850+0000"
+        }
+      }
+    }
+  ]
 }
 --------------------------------------------------
-// NOTCONSOLE
+// TESTRESPONSE[s/2016-11-08T19:43:03.850\+0000/$body.docs.0.doc._ingest.timestamp/]

 [[custom-patterns]]
 ==== Custom Patterns