Bug: quoted-string in v2 including quotes in extracted value

The version 2 quoted-string parser is incorrectly including the surrounding quotes in the extracted value, unlike version 1.

**Sample log**

``` bash
$ cat quotedstring.log
"value1" "value2"
"value1" value2
```

**Version 1 ruleset**

``` bash
$ cat quotedstring.v1.rb
rule=:%field1:quoted-string% %field2:op-quoted-string%
```

**Version 1 works as expected**

``` bash
$ cat quotedstring.log | lognormalizer -e json -r quotedstring.v1.rb | jq --sort-keys .
{
  "field1": "value1",
  "field2": "value2"
}
{
  "field1": "value1",
  "field2": "value2"
}
```

**Version 2 ruleset**

``` bash
$ cat quotedstring.v2.rb
version=2
rule=:%field1:quoted-string% %field2:op-quoted-string%
```

**Version 2 has unexpected result**

``` bash
$ cat quotedstring.log | lognormalizer -e json -r quotedstring.v2.rb | jq --sort-keys .
{
  "field1": "\"value1\"",
  "field2": "value2"
}
{
  "field1": "\"value1\"",
  "field2": "value2"
}
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bug: quoted-string in v2 including quotes in extracted value #186

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Bug: quoted-string in v2 including quotes in extracted value #186

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions