From bc6414722c35cbf43ef1f924cd7cc552e86e0ab9 Mon Sep 17 00:00:00 2001
From: Tom Hendrikx
Date: Sun, 4 Feb 2024 17:10:41 +0100
Subject: [PATCH 1/2] Correct the code example for adding alternative inputs
---
 ALTERNATIVE-INPUTS.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/ALTERNATIVE-INPUTS.md b/ALTERNATIVE-INPUTS.md
index 071b852..6c2973b 100644
--- a/ALTERNATIVE-INPUTS.md
+++ b/ALTERNATIVE-INPUTS.md
@@ -7,9 +7,11 @@ Various other Logstash filters can produce the needed input fields (`program` an
 ----------------
 ```
-grok {
- match => { "message" => "%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST} %{DATA:program}(?:\[%{POSINT}\])?: %{GREEDYDATA:message}" }
- overwrite => ["timestamp", "message"]
+filter {
+ grok {
+ match => { "message" => "%{SYSLOGTIMESTAMP:timestamp} %{SYSLOGHOST} %{DATA:program}(?:\[%{POSINT}\])?: %{GREEDYDATA:message}" }
+ overwrite => ["timestamp", "message"]
+ }
 }
 ```
From 10dfac9c11c0847f6a939c82de5fa5803d9df302 Mon Sep 17 00:00:00 2001
From: Tom Hendrikx
Date: Sun, 4 Feb 2024 17:09:50 +0100
Subject: [PATCH 2/2] Add validation for the logstash configuration
---
 .github/workflows/test_config_syntax.yml | 13 +++++++++++++
 .../{run_tests.yml => test_grok_patterns.yml} | 3 ++-
 test_config_syntax.sh | 9 +++++++++
 runtests.sh => test_grok_patterns.sh | 0
 4 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/test_config_syntax.yml
 rename .github/workflows/{run_tests.yml => test_grok_patterns.yml} (87%)
 create mode 100755 test_config_syntax.sh
 rename runtests.sh => test_grok_patterns.sh (100%)
diff --git a/.github/workflows/test_config_syntax.yml b/.github/workflows/test_config_syntax.yml
new file mode 100644
index 0000000..76d8461
--- /dev/null
+++ b/.github/workflows/test_config_syntax.yml
@@ -0,0 +1,13 @@
+name: Validate configuration syntax
+on: [push]
+jobs:
+ test-syntax:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - run: |
+ docker run --rm \
+ --volume ./postfix.grok:/etc/logstash/patterns.d/postfix.grok \
+ --volume ./50-filter-postfix.conf:/usr/share/logstash/pipeline/50-filter-postfix.conf \
+ logstash:8.12.0 \
+ logstash --config.test_and_exit -f /usr/share/logstash/pipeline/50-filter-postfix.conf
diff --git a/.github/workflows/run_tests.yml b/.github/workflows/test_grok_patterns.yml
similarity index 87%
rename from .github/workflows/run_tests.yml
rename to .github/workflows/test_grok_patterns.yml
index 6617931..9df748c 100644
--- a/.github/workflows/run_tests.yml
+++ b/.github/workflows/test_grok_patterns.yml
@@ -1,6 +1,7 @@
+name: Test grok patterns
 on: [push]
 jobs:
- test:
+ test-patterns:
 runs-on: ubuntu-latest
 steps:
diff --git a/test_config_syntax.sh b/test_config_syntax.sh
new file mode 100755
index 0000000..a48c9c0
--- /dev/null
+++ b/test_config_syntax.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+set -eux
+
+docker run --rm -it \
+ --volume $(pwd)/postfix.grok:/etc/logstash/patterns.d/postfix.grok \
+ --volume $(pwd)/50-filter-postfix.conf:/usr/share/logstash/pipeline/50-filter-postfix.conf \
+ logstash:8.12.0 \
+ logstash --config.test_and_exit -f /usr/share/logstash/pipeline/50-filter-postfix.conf
diff --git a/runtests.sh b/test_grok_patterns.sh
similarity index 100%
rename from runtests.sh
rename to test_grok_patterns.sh
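Review bot: The new test_config_syntax.yml workflow sets no `permissions:` key, so the job runs with whatever default GITHUB_TOKEN scope the repository settings grant, although its steps only check out the tree and read two files; declaring `permissions: { contents: read }` at workflow level keeps the token at least privilege. `actions/checkout@v4` and `logstash:8.12.0` are mutable references, so the validation result depends on whatever they resolve to at run time; pinning the action to a full commit SHA and the image to `logstash:8.12.0@sha256:<digest>` (placeholder, not a real digest) would fix the inputs. Both `--volume` mounts can end in `:ro`, since a syntax check only needs to read them. The same image tag and writable mounts appear in test_config_syntax.sh.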
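Review bot: In test_config_syntax.sh `$(pwd)` is unquoted in both `--volume` arguments, so a checkout path containing whitespace is split into several words and docker receives a different mount specification than intended; quote each argument, e.g. `--volume "$(pwd)/postfix.grok:/etc/logstash/patterns.d/postfix.grok:ro" \`. The `-it` flags make `docker run` refuse to start when stdin is not a terminal, which may be why the workflow repeats the command instead of calling this script. Dropping `-it` would let CI run the script itself and keep a single copy of the command to maintain.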