README
¶
go-ecs
go-ecs is a library for querying ECS fields by name to obtain the fields definition (e.g. Elasticsearch field data type, description, etc).
The library includes data from tagged released of elastic/ecs.
Install
go get github.com/andrewkroh/go-ecs@main
Usage
package main
import (
"fmt"
"github.com/andrewkroh/go-ecs"
)
func main() {
field, err := ecs.Lookup("host.os.name", "8.10")
if err != nil {
return err
}
fmt.Println("data_type", field.DataType)
fmt.Println("is array", field.Array)
fmt.Println("pattern", field.Pattern)
fmt.Println("description", field.Description)
}
Documentation
¶
Overview ¶
Package ecs go-ecs is a library for querying Elastic Common Schema (ECS) fields by name to obtain the fields definition (e.g. Elasticsearch field data type, description, etc.). The library includes data from tagged released of https://github.com/elastic/ecs.
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( ErrInvalidVersion = errors.New("invalid version") ErrVersionNotFound = errors.New("version not found") ErrFieldNotFound = errors.New("field not found") )
Error types.
Functions ¶
This section is empty.
Types ¶
type Field ¶
Field represents an ECS field.
func Lookup ¶
Lookup an ECS field definition. If ecsVersion is empty then the latest version is used. You may specify a partial version specifier (e.g. '8', '8.1'), and the latest matching version will be searched. The returned Field should not be modified.
Example ¶
field, err := Lookup("host.os.name", "8.10")
if err != nil {
fmt.Println(err)
return
}
data, _ := json.MarshalIndent(field, "", " ")
fmt.Printf("%s", data)
Output: { "name": "host.os.name", "data_type": "keyword", "array": false, "description": "Operating system name, without the version." }
Source Files
Directories