readme: add example for __find

author Jason Ish <jason.ish@oisf.net>

Tue, 7 May 2024 16:42:54 +0000 (10:42 -0600)

committer Victor Julien <victor@inliniac.net>

Thu, 16 May 2024 17:58:36 +0000 (19:58 +0200)
author Jason Ish <jason.ish@oisf.net>
Tue, 7 May 2024 16:42:54 +0000 (10:42 -0600)
committer Victor Julien <victor@inliniac.net>
Thu, 16 May 2024 17:58:36 +0000 (19:58 +0200)
diff --git a/README.md b/README.md

index f0a9d61cd45b146d1db9823eef74ef7bdb51d9e1..a6d4ce99d93ab1b6a17a8ece7cea429a08415104 100644 (file)
--- a/README.md
+++ b/README.md
@@ -151,6 +151,14 @@ checks:
          # Check that a field does not exist:
          not-has-key: flow
  
+  - filter:
+         # Use a filename other than eve.json
+         filename: suricata.json
+         count: 1
+         match:
+           # Find a substring in a field
+               engine.message.__find: script failed
+
    - shell:
        # A simple shell check. If the command exits with a non-0 exit code the
        # check will fail. The script is run in the output directory of the
author	Jason Ish <jason.ish@oisf.net>
	Tue, 7 May 2024 16:42:54 +0000 (10:42 -0600)
committer	Victor Julien <victor@inliniac.net>
	Thu, 16 May 2024 17:58:36 +0000 (19:58 +0200)