From ea040aa881ae85ebd9ae17c1de2a21340c06fc2e Mon Sep 17 00:00:00 2001
From: Johan <2345274+jg-son@users.noreply.github.com>
Date: Sat, 29 Jan 2022 16:41:40 +0100
Subject: [PATCH] fix curly brackets in values

Fix issue with object to_string includes curly brackets. The regex_replace is not neede anymore.
---
 content_pack.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/content_pack.json b/content_pack.json
index b1e2c67..e68f3ab 100644
--- a/content_pack.json
+++ b/content_pack.json
@@ -100,7 +100,7 @@
 },
 "source": {
 "@type": "string",
- "@value": "rule \"process TCP netfilter logs\"\nwhen\n contains(to_string($message.IP_HEADER_PROTO), \"TCP\")\nthen\n let message_field = to_string($message.message); \n let action = grok(pattern: \"%{NETFILTERTCPHEADER}\", value: message_field, only_named_captures: true);\n let action1 = key_value(to_string(action));\n set_fields(action1,\"TCP_HEADER_\");\n let field_replace = regex_replace(\"}\", to_string($message.TCP_HEADER_URGP), \"\");\n set_field(\"TCP_HEADER_URGP\", field_replace);\n set_field(\"pipeline\", \"netfilter TCP header parse\");\nend"
+ "@value": "rule \"process TCP netfilter logs\"\nwhen\n contains(to_string($message.IP_HEADER_PROTO), \"TCP\")\nthen\n let message_field = to_string($message.message); \n let action = grok(pattern: \"%{NETFILTERTCPHEADER}\", value: message_field, only_named_captures: true);\n let action1 = key_value(to_string(action.message));\n set_fields(action1,\"TCP_HEADER_\");\n set_field(\"pipeline\", \"netfilter TCP header parse\");\nend"
 }
 },
 "constraints": [{
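Review bot: Nothing in the new TCP rule checks that the grok actually matched, so when `%{NETFILTERTCPHEADER}` fails, `to_string(action.message)` is presumably empty, no `TCP_HEADER_` fields are set, and the message is still stamped with `set_field("pipeline", "netfilter TCP header parse")`; the UDP rule in the second hunk has the same gap. For firewall logs this means unparsed events look parsed and silently fall out of any search or alert keyed on the header fields. One way to close it is to move the match into the `when` clause, e.g. `&& grok(pattern: "%{NETFILTERTCPHEADER}", value: to_string($message.message), only_named_captures: true).matches == true` (JSON-escaped inside `@value`). The fix also appears to rely on the grok pattern exposing a named capture called `message`, which is defined outside this hunk, so that dependency is worth confirming and stating in the rule description.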
@@ -284,7 +284,7 @@
 },
 "source": {
 "@type": "string",
- "@value": "rule \"process UDP netfilter logs\"\nwhen\n contains(to_string($message.IP_HEADER_PROTO), \"UDP\")\nthen\n let message_field = to_string($message.message); \n let action = grok(pattern: \"%{NETFILTERUDPHEADER}\", value: message_field, only_named_captures: true);\n let action1 = key_value(to_string(action));\n set_fields(action1,\"UDP_HEADER_\");\n let field_replace = regex_replace(\"}\", to_string($message.UDP_HEADER_LEN), \"\");\n set_field(\"UDP_HEADER_LEN\", field_replace);\n set_field(\"pipeline\", \"netfilter UDP header parse\");\nend"
+ "@value": "rule \"process UDP netfilter logs\"\nwhen\n contains(to_string($message.IP_HEADER_PROTO), \"UDP\")\nthen\n let message_field = to_string($message.message); \n let action = grok(pattern: \"%{NETFILTERUDPHEADER}\", value: message_field, only_named_captures: true);\n let action1 = key_value(to_string(action.message));\n set_fields(action1,\"UDP_HEADER_\");\n set_field(\"pipeline\", \"netfilter UDP header parse\");\nend"
 }
 },
 "constraints": [{