[4.9][filterx] Review fixes

axoflow · Nov 11, 2024 · bc93e94 · bc93e94
1 parent dd69337
commit bc93e94
Show file tree

Hide file tree

Showing 6 changed files with 12 additions and 10 deletions.
diff --git a/content/filterx/filterx-metrics/_index.md b/content/filterx/filterx-metrics/_index.md
@@ -50,7 +50,7 @@ update_metric(
         "app": ${PROGRAM},
         "id": ${SOURCE}
     },
-    increment("${RAWMSG_SIZE}")
+    increment=${RAWMSG_SIZE}
 );
 ```
 
@@ -61,7 +61,7 @@ update_metric(
 | Type:    | dict |
 | Default: | `{}` |
 
-The labels used to create separate counters, based on the fields of the messages processed by `update_metrics`. Use the following format:
+The labels used to create separate counters, based on the fields of the messages processed by `update_metric`. Use the following format:
 
 ```shell
 labels(
@@ -82,4 +82,4 @@ labels(
 
 Sets the stats level of the generated metrics.
 
-> Note: Drivers configured with `internal(yes)` register their metrics on level 3. That way if you are creating an SCL, you can disable the built-in metrics of the driver, and create metrics manually using `update_metrics`.
+> Note: Drivers configured with `internal(yes)` register their metrics on level 3. That way if you are creating an SCL, you can disable the built-in metrics of the driver, and create metrics manually using `update_metric`.
diff --git a/content/filterx/filterx-parsing/cef/cef-parser-options/_index.md b/content/filterx/filterx-parsing/cef/cef-parser-options/_index.md
@@ -8,7 +8,7 @@ The `parse_cef` FilterX function has the following options.
 
 ## pair_separator
 
-Specifies the character or string that separates the CEF fields from each other. Default value: `|` .
+Specifies the character or string that separates the key-value pairs in the extensions. Default value: ` ` (space).
 
 ## value_separator
 

diff --git a/content/filterx/filterx-parsing/leef/leef-parser-options/_index.md b/content/filterx/filterx-parsing/leef/leef-parser-options/_index.md
@@ -8,7 +8,9 @@ The `parse_leef` FilterX function has the following options.
 
 ## pair_separator
 
-Specifies the character or string that separates the LEEF fields from each other. Default value: `|` .
+Specifies the character or string that separates the key-value pairs in the extensions. Default value: `\t` (tab).
+
+LEEF v2 can specify the separator per message. Omitting this option uses the LEEF v2 provided separator, setting this value overrides it during parsing.
 
 ## value_separator
 

diff --git a/content/filterx/filterx-parsing/windows-eventlog/_index.md b/content/filterx/filterx-parsing/windows-eventlog/_index.md
@@ -13,7 +13,7 @@ The `parse_windows_eventlog_xml()` FilterX function parses Windows Event Logs XM
 The parser returns false in the following cases:
 
 - The input isn't valid XML.
-- The root element doesn't references the [Windows Event Log schema](https://learn.microsoft.com/en-us/windows/win32/wes/eventschema-schema) (`<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>`). Note that the parser doesn't validate the input data to the schema.
+- The root element doesn't reference the [Windows Event Log schema](https://learn.microsoft.com/en-us/windows/win32/wes/eventschema-schema) (`<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>`). Note that the parser doesn't validate the input data to the schema.
 
 For example, the following converts the input XML into a JSON object:
 

diff --git a/content/filterx/function-reference.md b/content/filterx/function-reference.md
@@ -451,7 +451,7 @@ Usage: `unset_empties(object, options)`
 
 The `unset_empties()` function has the following options:
 
-- `ignorecase`: Set to `false` to perform case-insensitive matching. Default value: `true`. Available in Available in {{< product >}} 4.9 and later.
+- `ignorecase`: Set to `false` to perform case-sensitive matching. Default value: `true`. Available in Available in {{< product >}} 4.9 and later.
 - `recursive`: Enables recursive processing of nested dictionaries. Default value: `true`
 - `replacement`: Replace the target elements with the value of `replacement` instead of removing them. Available in {{< product >}} 4.9 and later.
 - `targets`: A list of elements to remove or replace. Default value: `["", null, [], {}]`. Available in {{< product >}} 4.9 and later.

diff --git a/content/headless/chunk/filterx-plus-operator.md b/content/headless/chunk/filterx-plus-operator.md
@@ -11,9 +11,9 @@ The plus operator (`+`) adds two arguments, if possible. (For example, you can't
 - Adding two dicts updates the dict with the values of the second operand. For example:
 
     ```shell
-    x = {"element1", "element2", "element3"};
-    y = {"element3", "element4", "element5"};
-    ${MESSAGE} = x + y; # ${MESSAGE} value is {"element1", "element2", "element3", "element4", "element5"}
+    x = {"key1": "value1", "key2": "value1"};
+    y = {"key3": "value1", "key2": "value2"};
+    ${MESSAGE} = x + y; # ${MESSAGE} value is {"key1": "value1", "key3": "value1", "key2": "value2"};
     ```
 
     Available in {{< product >}} 4.9 and later.