update all inputs to have tz_map available

P1llus · P1llus · commit d37ee7e26b70 · 2025-07-11T13:02:15.000+02:00
diff --git a/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json b/packages/cisco_nexus/data_stream/log/_dev/test/pipeline/test-nexus.log-expected.json
@@ -771,7 +771,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<187>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: last message repeated 5 time]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<187>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: last message repeated 5 time]"
                 ]
             },
             "event": {
@@ -794,7 +794,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<189>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: %AUTHPRIV-5-SYSTEM_MSG: pam_unix(aaa:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=admin - aaad]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<189>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: %AUTHPRIV-5-SYSTEM_MSG: pam_unix(aaa:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=admin - aaad]"
                 ]
             },
             "event": {
@@ -817,7 +817,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<185>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: %EARL-SW2_DFC1-1-EXCESSIVE_PARITY_ERROR: EARL 0: Parity error detected in VRAM]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<185>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: %EARL-SW2_DFC1-1-EXCESSIVE_PARITY_ERROR: EARL 0: Parity error detected in VRAM]"
                 ]
             },
             "event": {
@@ -840,7 +840,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<187>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: last message repeated 5 time]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<187>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: last message repeated 5 time]"
                 ]
             },
             "event": {
@@ -863,7 +863,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<189>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/33, operational Receive Flow Control state changed to off]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<189>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: %ETHPORT-5-IF_RX_FLOW_CONTROL: Interface Ethernet1/33, operational Receive Flow Control state changed to off]"
                 ]
             },
             "event": {
@@ -886,7 +886,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<185>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: %EARL-SW2_DFC1-1-EXCESSIVE_PARITY_ERROR: EARL 0: Parity error detected in VRAM]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<185>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: %EARL-SW2_DFC1-1-EXCESSIVE_PARITY_ERROR: EARL 0: Parity error detected in VRAM]"
                 ]
             },
             "event": {
@@ -1986,7 +1986,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<188>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: %ARP-4-SYSLOG_SL_MSG_WARNING: ARP-4-INVAL_IP: message repeated 1 times in last 19037118 sec]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<188>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: %ARP-4-SYSLOG_SL_MSG_WARNING: ARP-4-INVAL_IP: message repeated 1 times in last 19037118 sec]"
                 ]
             },
             "event": {
@@ -2009,7 +2009,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<189>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/9, operational Transmit Flow Control state changed to off]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<189>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: %ETHPORT-5-IF_TX_FLOW_CONTROL: Interface Ethernet1/9, operational Transmit Flow Control state changed to off]"
                 ]
             },
             "event": {
@@ -2595,7 +2595,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<188>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on Ethernet1/47(1), with GigabitEthernet1/0/48(35)]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<188>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on Ethernet1/47(1), with GigabitEthernet1/0/48(35)]"
                 ]
             },
             "event": {
@@ -2618,7 +2618,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<188>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on Ethernet1/48(1), with Ethernet1/25(99) (message repeated 2 times)]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<188>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on Ethernet1/48(1), with Ethernet1/25(99) (message repeated 2 times)]"
                 ]
             },
             "event": {
@@ -3179,7 +3179,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<189>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: username] [Source: 81.2.69.142] [localport: 22] at 07:40:12 PDT Tue May 9 2023]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<189>May 3 13:20:50 10.100.0.34 6031594: May 3 13:20:48.739 AEST: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: username] [Source: 81.2.69.142] [localport: 22] at 07:40:12 PDT Tue May 9 2023]"
                 ]
             },
             "event": {
@@ -3202,7 +3202,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<190>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: %SYS-6-LOGOUT: User username has exited tty session 1(81.2.69.142)]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<190>May 3 13:20:50 ac508f-sr1 6031594: May 3 13:20:48.739 AEST: %SYS-6-LOGOUT: User username has exited tty session 1(81.2.69.142)]"
                 ]
             },
             "event": {
@@ -3348,7 +3348,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<187>Jun 14 11:34:35 ac45ce-sr1 AEST: %SFF8472-3-THRESHOLD_VIOLATION: Te2/0/17: Rx power high warning; Operating value: -0.8 dBm, Threshold value: -1.0 dBm.]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<187>Jun 14 11:34:35 ac45ce-sr1 AEST: %SFF8472-3-THRESHOLD_VIOLATION: Te2/0/17: Rx power high warning; Operating value: -0.8 dBm, Threshold value: -1.0 dBm.]"
                 ]
             },
             "event": {
@@ -3371,7 +3371,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<189>Jun 14 12:00:59 ac2109-sr2 AEST: %SEC_LOGIN-SW2-5-LOGIN_SUCCESS: Login Success [user: srvc_a005a7_000] [Source: 10.218.144.16] [localport: 22] at 12:00:59 AEST Wed Jun 14 2023]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<189>Jun 14 12:00:59 ac2109-sr2 AEST: %SEC_LOGIN-SW2-5-LOGIN_SUCCESS: Login Success [user: srvc_a005a7_000] [Source: 10.218.144.16] [localport: 22] at 12:00:59 AEST Wed Jun 14 2023]"
                 ]
             },
             "event": {
@@ -3394,7 +3394,7 @@
             },
             "error": {
                 "message": [
-                    "Processor grok with tag grok_syslog_line in pipeline default-1752231024125926274 failed with message: Provided Grok expressions do not match field value: [<190>Jun 14 12:04:05 ac500a-sr1 AEST: %SYS-SW1-6-LOGOUT_C6K: User srvc_a005a7_0001_prd has exited tty session 2(10.218.144.32)]"
+                    "Processor grok with tag grok_syslog_line in pipeline default-1752231575142565739 failed with message: Provided Grok expressions do not match field value: [<190>Jun 14 12:04:05 ac500a-sr1 AEST: %SYS-SW1-6-LOGOUT_C6K: User srvc_a005a7_0001_prd has exited tty session 2(10.218.144.32)]"
                 ]
             },
             "event": {
diff --git a/packages/cisco_nexus/data_stream/log/manifest.yml b/packages/cisco_nexus/data_stream/log/manifest.yml
@@ -140,6 +140,19 @@ streams:
         required: true
         show_user: true
         default: 9506
+      - name: tz_map
+        type: yaml
+        title: Timezone Map
+        multi: false
+        required: false
+        show_user: false
+        description: >-
+          A collectiom of timezones found in Cisco Nexus logs (as defined in each `tz_short`), and the replacement value (as defined in each `tz_long`) which should be the full proper IANA Timezone format. This is used to override vendor provided timezone formats that is not supported by Elasticsearch [Date Processors](https://www.elastic.co/docs/reference/enrich-processor/date-processor#date-processor-timezones)
+        default: |
+          #- tz_short: AEST
+          #  tz_long: Australia/Sydney
+          #- tz_short: MST
+          #  tz_long: America/Phoenix
       - name: tz_offset
         type: text
         title: Timezone Offset
@@ -204,6 +217,19 @@ streams:
         required: true
         show_user: true
         description: A list of glob-based paths that will be crawled and fetched.
+      - name: tz_map
+        type: yaml
+        title: Timezone Map
+        multi: false
+        required: false
+        show_user: false
+        description: >-
+          A collectiom of timezones found in Cisco Nexus logs (as defined in each `tz_short`), and the replacement value (as defined in each `tz_long`) which should be the full proper IANA Timezone format. This is used to override vendor provided timezone formats that is not supported by Elasticsearch [Date Processors](https://www.elastic.co/docs/reference/enrich-processor/date-processor#date-processor-timezones)
+        default: |
+          #- tz_short: AEST
+          #  tz_long: Australia/Sydney
+          #- tz_short: MST
+          #  tz_long: America/Phoenix
       - name: tz_offset
         type: text
         title: Timezone Offset
