It is possible to capture groups from the regular expression and log them into the
alert events.
-There is 3 capabilities:
+There are 3 capabilities:
* pkt: the extracted group is logged as pkt variable in ``metadata.pktvars``
-* alert: the extracted group is logged to the ``alert.extra`` subobject
+* alert: the extracted group is logged to the ``alert.context`` subobject
* flow: the extracted group is stored in a flow variable and end up in the ``metadata.flowvars``
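Review bot: the opening sentence (first two lines of this region) says captured groups are "logged into the alert events", but the three bullets that follow put only the `alert:` variant under `alert.context`, while `pkt:` and `flow:` land under `metadata.pktvars` and `metadata.flowvars`; reword the lead to say the groups are written to the EVE alert record under one of three locations, so it matches the list. Two style nits in the same region: "There are 3 capabilities" reads better as "There are three capabilities", and the flow bullet should be "is stored in a flow variable and ends up in ``metadata.flowvars``" (drop the stray "the" before the literal, fix the verb agreement).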
To use the feature, parameters of pcre keyword need to be updated.
-After the regular pcre regex and options, a comma separated lists of variable names.
+After the regular pcre regex and options, a comma-separated list of variable names.
The prefix here is ``flow:``, ``pkt:`` or ``alert:`` and the names can contain special
characters now. The names map to the capturing substring expressions in order ::
flow:ua/ubuntu/repo,flow:ua/ubuntu/pkg/base, \
flow:ua/ubuntu/pkg/version";
-This would result in the alert event has something like ::
+This would result in the alert event having something like ::
"metadata": {
"flowvars": [
With that syntax, the result of the extraction will appear like ::
"alert": {
- "extra": {
+ "context": {
"ua/ubuntu/repo": "fr",
"ua/ubuntu/pkg/base": "curl",
"ua/ubuntu/pkg/version": "2.2.1"